Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: What HTTP exploit?

  • From: Richard Welty
  • Date: Sun May 30 20:04:19 2004

On Sun, 30 May 2004 15:43:58 -0500 "John Palmer (NANOG Acct)" <nanog@adns.net> wrote:



> Can anyone identify this http exploit? Seen in the apache logs:

> foo.bar.com
>  - - [30/May/2004:02:45:28 -0400] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
> x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
> 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\
> xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1

> etc - and it goes on for about 1200 bytes.

> Been getting an annoying number of these in my httpd logs today - it botches up my log analyser program.
 
i just installed the following in my apache configs to get rid of it:

# control logging
# Request_URI is the path without the query string, so match the path only
SetEnvIf Request_URI "^/default\.ida" dontlog
SetEnvIf Request_Method "SEARCH" dontlog

and then later on...

CustomLog /var/log/httpd/access_log combined env=!dontlog

between the two of them, they were consuming an absurd amount
of space in my /var/log partitions.

richard
-- 
Richard Welty                                         rwelty@averillpark.net
Averill Park Networking                                         518-573-7592
    Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
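
An added example, not part of the original post: instead of dropping these requests from the log entirely, a small Python filter can collapse them to per-host counts before the log analyser reads the file, which keeps a record of who probed. The thresholds, addresses and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Start of a combined-format line: host ident user [time] "METHOD URI
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S*)')
ESCAPED_BYTE = re.compile(r'\\x[0-9a-fA-F]{2}')   # Apache's \xhh log escaping
MAX_URI = 255       # assumed threshold, tune for your site
MIN_ESCAPED = 16    # assumed threshold, tune for your site

def classify(line):
    """Return (host, label) for a probe-looking request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    host, method, uri = m.groups()
    if uri.startswith("/default.ida"):
        return host, "default.ida"
    if method == "SEARCH" and (len(uri) > MAX_URI
                               or len(ESCAPED_BYTE.findall(uri)) >= MIN_ESCAPED):
        return host, "long-SEARCH"
    return None

def split_log(lines):
    """Return (lines to keep for the analyser, Counter of probes per host/label)."""
    kept, probes = [], Counter()
    for line in lines:
        hit = classify(line)
        if hit:
            probes[hit] += 1
        else:
            kept.append(line)
    return kept, probes

# Constructed sample input (documentation addresses, made-up status/size fields).
LONG_URI = r'/\x90' + r'\x02\xb1' * 40
SAMPLE = [
    r'192.0.2.10 - - [30/May/2004:02:45:28 -0400] "SEARCH ' + LONG_URI + '" 414 334',
    '192.0.2.20 - - [30/May/2004:02:46:01 -0400] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.30 - - [30/May/2004:02:47:12 -0400] "GET /default.ida?' + 'N' * 20 + ' HTTP/1.0" 404 205',
    r'192.0.2.10 - - [30/May/2004:02:49:40 -0400] "SEARCH ' + LONG_URI + '" 414 334',
]

if __name__ == "__main__":
    kept, probes = split_log(SAMPLE)
    for (host, label), n in sorted(probes.items()):
        print(f"{host} {label} x{n}")
    print(f"{len(kept)} line(s) passed through")
```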





