[70889] in North American Network Operators' Group
What HTTP exploit?
daemon@ATHENA.MIT.EDU (John Palmer (NANOG Acct))
Sun May 30 16:50:06 2004
From: "John Palmer (NANOG Acct)" <nanog@adns.net>
To: <nanog@merit.edu>
Date: Sun, 30 May 2004 15:43:58 -0500
Errors-To: owner-nanog-outgoing@merit.edu
Can anyone identify this http exploit? Seen in the apache logs:
foo.bar.com
- - [30/May/2004:02:45:28 -0400] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb
1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\
xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1
etc - and it goes on for about 1200 bytes.
Been getting an annoying number of these in my httpd logs today - it botches up my log analyser program.
