| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20031119220217.GX842@snowcrash.tpb.net> Date: Wed, 19 Nov 2003 23:02:17 +0100 From: Niels Bakker <niels=bugtraq@...ker.net> To: Chris Strom <cstrom@....com> Cc: bugtraq@...urityfocus.com Subject: Re: Router Worm? * cstrom@....com (Chris Strom) [Wed 19 Nov 2003, 22:45 CET]: > > I've received a strange HTTP request on my web site from two different sources. The request is logged as: > > SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 > \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 [..] > > The request continues for a total of 32732 characters long (not shown). I was able to access one of the sites on port 80, here's the server response. > > Date: Tue, 15 Mar 1966 05:03:04 GMT > Server: Allegro-Software-RomPager/2.10 > Content-Type: text/html > Last-Modified: Mon, 25 May 1998 00:00:00 GMT > Client-Date: Wed, 19 Nov 2003 14:07:57 GMT > Client-Peer: xxx.xxx.xxx.xxx:80 > Client-Response-Num: 1 > Title: Netopia Router (192.168.1.1) > > Apologies if this is a known issue or if this is the wrong forum for this information. The host behind this NAT device is probably infected with some windows worm. -- Niels.
Powered by blists - more mailing lists