Open Source and information security mailing list archives
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA2gdghPw3q0GMjLpwXYiQDsKAAAAQAAAA5A3LZi7LAkC3iW/HuCA0TgEAAAAA@intract.org>
From: ml at intract.org (Michael Linke)
Subject: Odd logs

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Mark
> Sent: Wednesday, 4 June 2003 18:31
> To: Lan Guy
> Cc: Scott M. Algatt; full-disclosure@...ts.netsys.com
> 
> 
> 
> The excerpt from my log files which had the same (but can't say it caused
> me any concern)
>
> dhpp.csudh.edu - - [01/Jun/2003:21:27:08 +0100] "CONNECT 1.3.3.7:1337 HTTP/1.0" 405 303 "-" "-"


For a long time I have been seeing something like this in my Apache log
files. The CONNECT command means that someone is trying to use your HTTP
server for HTTP tunnelling. But as long as the access.log shows an error
code like 405, 404, 400 or 407, it is running fine.
But if there is a status code of 200, you have to check your
configuration.

Here is a short collection of some strange log file entries.

80.181.x.x - - [03/Jun/2003:19:15:17 +0200] "GET /mod_ssl:error:HTTP-request HTTP/1.0" 400 520
195.214.x.x - - [15/May/2003:07:08:25 +0200] "-" 408 -
212.141.x.x - - [17/May/2003:12:43:03 +0200] "OPTIONS * HTTP/1.0" 403 268
193.127.x.x - - [19/May/2003:02:14:27 +0200] "HEAD / HTTP/1.1" 400 0
200.203.x.x - - [21/May/2003:11:07:44 +0200] "CONNECT cratosthenes.zen.co.uk:25 HTTP/1.0" 403 277
212.66.x.x - - [25/May/2003:04:15:25 +0200] "SEARCH / HTTP/1.1" 403 269
216.25.x.x - - [01/Jun/2003:09:29:03 +0200] "PROPFIND / HTTP/1.0" 403 268
217.45.x.x - - [01/Jun/2003:23:04:15 +0200] "GET /NULL.printer" 404 -

Regards,
Michael

intract - any business anywhere
Michael Linke
Network administrator
Heilbronnerstr. 50
D-73728 Esslingen
Germany
Phone  : +49 384 16297 50
Fax      : +49 711 35152 89
mobile  : +49 178 51 52 959
e-mail   : ml@...ract.org
ICQ      : 141033973
website:   http://www.intract.org
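
Added example, not part of the original message: a small Python check for the rule described above, which reads Apache access-log lines, counts CONNECT attempts that were refused, and lists any that returned a 2xx status and therefore call for a configuration check. The function names and the third sample line (192.0.2.10, mail.example.net) are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log format. The request field may be "-" (timeout)
# or lack a protocol token, as in some of the entries quoted in the post.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

def parse(line):
    """Split one access-log line into host, method, target and status."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = m.group("request").split()
    return {
        "host": m.group("host"),
        "method": parts[0].upper() if parts else "",
        "target": parts[1] if len(parts) > 1 else "",
        "status": int(m.group("status")),
    }

def connect_report(lines):
    """Return (refused, alerts): refused CONNECTs counted by status code,
    and (client, target, status) for every CONNECT answered with 2xx."""
    refused, alerts = Counter(), []
    for line in lines:
        entry = parse(line)
        if entry is None or entry["method"] != "CONNECT":
            continue
        if 200 <= entry["status"] < 300:
            alerts.append((entry["host"], entry["target"], entry["status"]))
        else:
            refused[entry["status"]] += 1
    return refused, alerts

# Constructed sample: four lines taken from the post plus one invented 200 line.
SAMPLE = [
    'dhpp.csudh.edu - - [01/Jun/2003:21:27:08 +0100] "CONNECT 1.3.3.7:1337 HTTP/1.0" 405 303 "-" "-"',
    '200.203.x.x - - [21/May/2003:11:07:44 +0200] "CONNECT cratosthenes.zen.co.uk:25 HTTP/1.0" 403 277',
    '192.0.2.10 - - [02/Jun/2003:10:00:00 +0200] "CONNECT mail.example.net:25 HTTP/1.0" 200 0',
    '217.45.x.x - - [01/Jun/2003:23:04:15 +0200] "GET /NULL.printer" 404 -',
    '195.214.x.x - - [15/May/2003:07:08:25 +0200] "-" 408 -',
]

if __name__ == "__main__":
    refused, alerts = connect_report(SAMPLE)
    print("refused CONNECT attempts by status:", dict(refused))
    for host, target, status in alerts:
        print(f"CHECK CONFIG: {host} -> {target} returned {status}")
```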

