[32496] in bugtraq
Re: Router Worm?
daemon@ATHENA.MIT.EDU (Fred Laxton)
Wed Nov 19 18:33:12 2003
Message-ID: <3FBBE9EB.3030608@laxton.net>
Date: Wed, 19 Nov 2003 17:08:43 -0500
From: Fred Laxton <securitynotice@laxton.net>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
In-Reply-To: <20031119145409.17782.qmail@sf-www3-symnsj.securityfocus.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
I just saw the same thing on my web server log from last night. It did
no damage, but I blocked the offending IP anyway, it can't be anything
good ;-) I also reported it to the network's abuse address.
Fred
Chris Strom wrote:
>
> I've received a strange HTTP request on my web site from two different sources. The request is logged as:
>
> SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
> \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
> \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
> \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
> \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
> \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
> \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
> \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
> \xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02
>
--
--
Fred Laxton
InfoTechDesign.net - Classic Web Design & Hosting
http://infotechdesign.net
Powered by Mac OS X, Red Hat Linux, Yellow Dog Linux and Mandrake Linux
Registered Linux user #246414
