[wplug] odd looking entries in httpd-access.log

Daniel McQuay simplebob at gmail.com
Sat Jun 10 19:33:46 EDT 2006


Right on! I run FreeBSD, so I'm not worried either. And after a few searches
I did see a few people mentioning a buffer overrun.

Hey, thanks a lot guys for your insight.

On 6/10/06, Gentgeen <gentgeen at linuxmail.org> wrote:
>
> On Sat, 10 Jun 2006 18:19:25 -0400
> Bill Moran <wmoran at potentialtech.com> wrote:
>
> > "Daniel McQuay" <simplebob at gmail.com> wrote:
> >
> > > Hello List,
> > >
> > > I was just going through some log files and ran across some weird
> > > entries in my httpd-access.log.
> > >
> > > 71.116.248.152 - - [04/Jun/2006:14:50:13 -0400] "SEARCH
> > > /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\x
> > > c9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\
> > > xc9\xc9\xc9\xc9\xc9
> > > \xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc
> > > 9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\x
> > > c9\xc9\xc9\xc9\xc9
> > >
> > > For this email I left out several lines of this, but has anyone ever
> > > seen this sort of thing before? I suspect that it's some sort of
> > > exploit.
> >
> > It's an attempt to exploit a buffer overflow.  I'm not sure which one,
> > but I'm certain a few searches will turn up some exact details.
> >
> > --
> > Bill Moran
> >
> > Not as deceiving as a low down dirty... deceiver.
> >
> >       Jayne Cobb
> >
>
> Yes it is a buffer overflow exploit.  Had a similar thing show up on
> mine a while back.  Don't remember the exact thing that was repeated,
> but basically the same as you have.
>
> Some googling on mine showed me a buffer overflow attack for some
> Windows Server bug.  Since mine is a Debian Stable box, I just ignored
> it.
>
> Kevin
>
>
>
> --
> http://gentgeen.homelinux.org
>
> #############################################################
> Associate yourself with men of good quality if you esteem
> your own reputation; for 'tis better to be alone than in bad
> company.        - George Washington, Rules of Civility
>



-- 
Daniel McQuay
simplebob at gmail.com
boxster.homelinux.org
H: 814.825.0847
M: 814-341-6233
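
Added example, not part of the original thread: a small Python triage script that flags access-log lines like the one quoted above, where the request target is made up almost entirely of `\xhh` escapes. The sample log lines are constructed, and the function names and the thresholds (`min_escapes`, `min_ratio`) are assumptions to tune for your own logs.

```python
import re
from collections import Counter

# host ident user [time] "request" status size (Apache common/combined prefix).
# Apache writes non-printable request bytes as \xhh and quotes as \", so the
# request field is matched as "any char except a bare quote, or an escape pair".
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+'
)
ESCAPE_RE = re.compile(r'\\x([0-9a-fA-F]{2})')

def check_line(line, min_escapes=32, min_ratio=0.5):
    """Return a finding for a request made mostly of \\xhh escapes, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    method, _, target = m.group("request").partition(" ")
    escapes = ESCAPE_RE.findall(target)
    # Each escape occupies four characters of the logged text.
    ratio = 4 * len(escapes) / len(target) if target else 0.0
    if len(escapes) < min_escapes or ratio < min_ratio:
        return None  # e.g. a UTF-8 file name with a handful of escaped bytes
    byte, count = Counter(e.lower() for e in escapes).most_common(1)[0]
    return {
        "host": m.group("host"),
        "time": m.group("time"),
        "method": method,
        "status": int(m.group("status")),
        "escapes": len(escapes),
        "dominant_byte": byte,    # the filler byte that pads the request
        "dominant_count": count,
    }

def scan(lines):
    """Run check_line over an iterable of log lines and keep the findings."""
    return [f for f in map(check_line, lines) if f]

# Constructed sample lines (documentation addresses, made-up status and sizes).
SAMPLE_LOG = [
    r'192.0.2.7 - - [04/Jun/2006:14:49:58 -0400] "GET /index.html HTTP/1.1" 200 1043',
    r'192.0.2.8 - - [04/Jun/2006:14:50:02 -0400] "GET /caf\xc3\xa9.html HTTP/1.1" 200 512',
    r'192.0.2.10 - - [04/Jun/2006:14:50:13 -0400] "SEARCH /\x90' + r'\xc9' * 200 + '" 414 339',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

To run it over a real log, pass an open file object to `scan()`; the status code in each finding shows how your server answered the request.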