Do you have a link to the explanation?

-----Original Message-----
From: Sunny L.S. Chan (DLRM) [mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 05, 2001 10:38 AM
To: [EMAIL PROTECTED]
Subject: Re: Is someone attempting to hack my server's tomcat 3.2.3?


Hi guys, I have checked the earlier posts and it's the code-red worm thing.
Please ignore my previous question...

Thankx and regards
Kas


----- Original Message -----
From: "Kasnol (2001)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 05, 2001 10:32 PM
Subject: Is someone attempting to hack my server's tomcat 3.2.3?


> Hello all,
>
> I am using tomcat 3.2.3, windows 2000 professional at my home, upon
> occasional inspection of my tomcat log, an interesting, strange error is
> observed and enclosed below. I only can capture 200 lines from my log
> screen, but below is the best bit of the tomcat output. The full version is
> appended below to my message:
>
> Parse error, missing : in  ccept: */*
> t
> Full  GET
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNN
>
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNN
>
NNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7
> 801%
> u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0
> Content-type: text/xmlHOST:www.worm.com Accept: */*
> trol: bypass-client=202.156.138.27
> Connection: closeVia: 1.0 <STIX>HHCE3X-Forwarded-For: 202.156.138.27
>
> I can tell that someone is trying to access via GET method, and
> default.ida(?) or is it downloading some stuff somewhere in the net?
>
> I believe it can be somehow related to the recent worm scare at win2k.
> Is someone trying to implant a worm in my computer, or is this something
> tomcat, win2k, is vulnerable to?
> I haven't seen anything wrong with my computer yet... but I guess I should
> start a full virus scan
>
> Thankx!
> Any help/light is appreciated
> Regards
> Kas
>
> /***************************** Log Description ***************************/
> 2001-08-05 19:53:07 - ContextManager: Error reading request, ignored -
> java.lang
> .NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at
> org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:
> 284)
>         at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
> n(HttpConnectionHandler.java:200)
>         at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
> 416)
>         at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
> :501)
>         at java.lang.Thread.run(Thread.java:484)
>
> Parse error, missing : in  ccept: */*
> t
> Full  GET
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNN
>
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNN
>
NNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7
> 801%
> u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0
> Content-type: text/xmlHOST:www.worm.com Accept: */*
> trol: bypass-client=202.156.138.27Connection: closeVia: 1.0
> <STIX>HHCE3X-Forward
> ed-For: 202.156.138.27
>
> 2001-08-05 19:55:27 - Ctx(  ): 404 R(  + /default.ida + null) null
> 2001-08-05 20:10:54 - ContextManager: Error reading request, ignored -
> java.lang
> .NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at
> org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:
> 284)
>         at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
> n(HttpConnectionHandler.java:200)
>         at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
> 416)
>         at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
> :501)
>         at java.lang.Thread.run(Thread.java:484)
>
> 2001-08-05 20:23:28 - ContextManager: Error reading request, ignored -
> java.lang
> .NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at
> org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:
> 284)
>         at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
> n(HttpConnectionHandler.java:200)
>         at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
> 416)
>         at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
> :501)
>         at java.lang.Thread.run(Thread.java:484)
>
> 2001-08-05 20:29:41 - ContextManager: Error reading request, ignored -
> java.lang
> .NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at
> org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:
> 284)
>         at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
> n(HttpConnectionHandler.java:200)
>         at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
> 416)
>         at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
> :501)
>         at java.lang.Thread.run(Thread.java:484)
>
> 2001-08-05 20:52:17 - ContextManager: SocketException reading request,
> ignored -
>  java.net.SocketException: Connection reset by peer: JVM_recv in socket
> input st
> ream read
>         at java.net.SocketInputStream.socketRead(Native Method)
>         at java.net.SocketInputStream.read(SocketInputStream.java:86)
>         at java.io.BufferedInputStream.fill(BufferedInputStream.java:186)
>         at java.io.BufferedInputStream.read(BufferedInputStream.java:204)
>         at
> org.apache.tomcat.service.http.HttpRequestAdapter.doRead(HttpRequestA
> dapter.java:115)
>         at
> org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServ
> letInputStream.java:106)
>         at
> org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServle
> tInputStream.java:128)
>         at
> javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138
> )
>         at
> org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(Htt
> pRequestAdapter.java:129)
>         at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
> n(HttpConnectionHandler.java:198)
>         at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
> 416)
>         at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
> :501)
>         at java.lang.Thread.run(Thread.java:484)
>
> 2001-08-05 21:11:37 - ContextManager: Error reading request, ignored -
> java.lang
> .NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at
> org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:
> 284)
>         at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
> n(HttpConnectionHandler.java:200)
>         at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
> 416)
>         at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
> :501)
>         at java.lang.Thread.run(Thread.java:484)
>
> 2001-08-05 21:14:54 - ContextManager: Error reading request, ignored -
> java.lang
> .NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at
> org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:
> 284)
>         at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
> n(HttpConnectionHandler.java:200)
>         at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
> 416)
>         at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
> :501)
>         at java.lang.Thread.run(Thread.java:484)
>
> 2001-08-05 21:16:17 - ContextManager: Error reading request, ignored -
> java.lang
> .NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at
> org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:
> 284)
>         at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
> n(HttpConnectionHandler.java:200)
>         at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
> 416)
>         at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
> :501)
>         at java.lang.Thread.run(Thread.java:484)
>
> 2001-08-05 21:22:47 - ContextManager: Error reading request, ignored -
> java.lang
> .NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at
> org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:
> 284)
>         at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
> n(HttpConnectionHandler.java:200)
>         at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
> 416)
>         at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
> :501)
>         at java.lang.Thread.run(Thread.java:484)
>
> 2001-08-05 21:25:25 - ContextManager: Error reading request, ignored -
> java.lang
> .NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at
> org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:
> 284)
>         at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
> n(HttpConnectionHandler.java:200)
>         at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
> 416)
>         at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
> :501)
>         at java.lang.Thread.run(Thread.java:484)
>
> 2001-08-05 21:29:39 - ContextManager: Error reading request, ignored -
> java.lang
> .NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at
> org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:
> 284)
>         at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
> n(HttpConnectionHandler.java:200)
>         at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
> 416)
>         at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
> :501)
>         at java.lang.Thread.run(Thread.java:484)
>
> 2001-08-05 21:43:10 - ContextManager: SocketException reading request,
> ignored -
>  java.net.SocketException: Connection reset by peer: JVM_recv in socket
> input st
> ream read
>         at java.net.SocketInputStream.socketRead(Native Method)
>         at java.net.SocketInputStream.read(SocketInputStream.java:86)
>         at java.io.BufferedInputStream.fill(BufferedInputStream.java:186)
>         at java.io.BufferedInputStream.read(BufferedInputStream.java:204)
>         at
> org.apache.tomcat.service.http.HttpRequestAdapter.doRead(HttpRequestA
> dapter.java:115)
>         at
> org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServ
> letInputStream.java:106)
>         at
> org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServle
> tInputStream.java:128)
>         at
> javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138
> )
>         at
> org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(Htt
> pRequestAdapter.java:129)
>         at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
> n(HttpConnectionHandler.java:198)
>         at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
> 416)
>         at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
> :501)
>         at java.lang.Thread.run(Thread.java:484)
>
> 2001-08-05 21:52:23 - ContextManager: Error reading request, ignored -
> java.lang
> .NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at
> org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:
> 284)
>         at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
> n(HttpConnectionHandler.java:200)
>         at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
> 416)
>         at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
> :501)
>         at java.lang.Thread.run(Thread.java:484)
>
> 2001-08-05 21:56:15 - ContextManager: Error reading request, ignored -
> java.lang
> .NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at
> org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:
> 284)
>         at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
> n(HttpConnectionHandler.java:200)
>         at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
> 416)
>         at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
> :501)
>         at java.lang.Thread.run(Thread.java:484)
>
> 2001-08-05 21:58:14 - ContextManager: Error reading request, ignored -
> java.lang
> .NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at
> org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:
> 284)
>         at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
> n(HttpConnectionHandler.java:200)
>         at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
> 416)
>         at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
> :501)
>         at java.lang.Thread.run(Thread.java:484)
>
> 2001-08-05 22:08:40 - ContextManager: Error reading request, ignored -
> java.lang
> .NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at
> org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:
> 284)
>         at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnectio
> n(HttpConnectionHandler.java:200)
>         at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
> 416)
>         at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
> :501)
>         at java.lang.Thread.run(Thread.java:484)
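
A defender-side check for the request pattern quoted in this thread, added here as an example and not part of any poster's message: it strips mail quoting, undoes line wrapping, flags `.ida` requests that carry a long single-letter padding run plus `%u` escapes, and lists 404 entries for `.ida` paths. The function name, the 32-character threshold and the sample log are assumptions constructed for illustration.

```python
import re

QUOTE = re.compile(r"^>[ \t]?", re.M)         # mail quote prefix
# 404 entry in the format shown in the log above
NOT_FOUND = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - Ctx\(.*?\): 404 "
    r"R\(.*?\+ (\S+\.ida) \+", re.M)
# Request target once all whitespace is gone: /name.ida?<query>HTTP/1.x
PROBE = re.compile(r"(/[\w.-]*\.ida)\?(.*?)HTTP/1\.[01]", re.I)
PADDING = re.compile(r"([A-Za-z])\1{31,}")    # assumed threshold: 32+ repeats
U_ESCAPE = re.compile(r"%u[0-9a-fA-F]{4}")


def scan(log_text):
    """Return (probes, not_found) for a possibly quoted and wrapped log."""
    text = QUOTE.sub("", log_text)
    not_found = NOT_FOUND.findall(text)       # [(timestamp, path), ...]
    flat = re.sub(r"\s+", "", text)           # undo arbitrary line wrapping
    probes = []
    for m in PROBE.finditer(flat):
        query = m.group(2)
        pad = max((len(p.group(0)) for p in PADDING.finditer(query)), default=0)
        escapes = len(U_ESCAPE.findall(query))
        probes.append({"path": m.group(1), "padding": pad, "u_escapes": escapes,
                       "suspicious": pad > 0 and escapes > 0})
    return probes, not_found


# Constructed sample, quoted and wrapped the way the post above is.
SAMPLE = "\n".join([
    "> Full  GET",
    "> /default.ida?" + "N" * 40,
    ">",
    "N" * 60,
    "> NNNN%u9090%u6858%ucbd3%u7",
    "> 801%",
    "> u9090%u00=a",
    "HTTP/1.0",
    "> 2001-08-05 19:55:27 - Ctx(  ): 404 R(  + /default.ida + null) null",
    "> 2001-08-05 19:56:02 - Ctx(  ): 404 R(  + /missing.jsp + null) null",
    "> GET /search.jsp?q=aaaaaaaa HTTP/1.0",
])

if __name__ == "__main__":
    found, missing = scan(SAMPLE)
    for p in found:
        print(p)
    for ts, path in missing:
        print(ts, "404", path)
```

Removing all whitespace before matching is what lets the check survive the wrapping seen in the post, at the cost of only recognising single-segment paths such as `/default.ida`.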
