Re: [SLUG] What sort of attack is this

Alexander Samad Wed, 26 Nov 2003 17:24:40 -0800

Thanks


n Thu, Nov 27, 2003 at 11:03:00AM +1100, Marty Richards wrote:
> 
> 
> >
> > I have found this is my apache logs
> >
> > 132.198.224.115 - - [18/Nov/2003:23:27:10 +1100] "SEARCH
> > /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\x
> > b1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
> > \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x
> > 0
> >
> >
> > whith lots more it gets a 400 return code
> >
> > I am interested to see what sort of an attack this is ? some
> > quick searching on google hasn't found me anything.
> >
> > Any one else seen this, right now I am just blocking their IP address!
> 
> This is a webdav exploit.
> Some of the M$ worms (nachi/welchia etc) use this as a secondary attack if port
> 135 is not available.
> Cheers,
> Marty
> NNeettwwaayy NNeettwwoorrkkss PPttyy LLiimmiitteedd
> t   02 - 8920 8877
> f   02 - 8920 8866
> e   [EMAIL PROTECTED]
> w   
> _h_t_t_p_:_/_/_w_w_w_._n_e_t_w_a_y_n_e_t_w_o_r_k_s_._c_o_m_._a_u

> -- 
> SLUG - Sydney Linux User's Group - http://slug.org.au/
> More Info: http://lists.slug.org.au/listinfo/slug


--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug

Re: [SLUG] What sort of attack is this

Reply via email to