right on! i run freebsd so i'm not worried either. and after a few searches i did see a few people mentioning a buffer over run. <br><br>hey thanks a lot guys for your insight.<br><br><div><span class="gmail_quote">On 6/10/06,
<b class="gmail_sendername">Gentgeen</b> <<a href="mailto:gentgeen@linuxmail.org">gentgeen@linuxmail.org</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Sat, 10 Jun 2006 18:19:25 -0400<br>Bill Moran <<a href="mailto:wmoran@potentialtech.com">wmoran@potentialtech.com</a>> wrote:<br><br>> "Daniel McQuay" <<a href="mailto:simplebob@gmail.com">simplebob@gmail.com
</a>> wrote:<br>><br>> > Hello List,<br>> ><br>> > I was just going through some log files and ran across some weird<br>> > entries in my httpd-access.log.<br>> ><br>> > <a href="http://71.116.248.152">
71.116.248.152</a> - - [04/Jun/2006:14:50:13 -0400] "SEARCH<br>> > /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\x<br>> > c9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\
<br>> > xc9\xc9\xc9\xc9\xc9<br>> > \xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc<br>> > 9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\x<br>> > c9\xc9\xc9\xc9\xc9
<br>> ><br>> > for this email i left out several lines of this but has any one ever<br>> > seen this sort of thing before? I suspect that it's some sort of<br>> > exploit.<br>><br>> It's an attempt to exploit a buffer overflow. I'm not sure which one,
<br>> but I'm certain a few searches will turn up some exact details.<br>><br>> --<br>> Bill Moran<br>><br>> Not as deceiving as a low down dirty... deceiver.<br>><br>> Jayne Cobb<br>><br>
<br>Yes it is a buffer overflow exploit. Had a similar thing show up on<br>mine a while back. Don't remember the exact thing that was repeated,<br>but basically the same as you have.<br><br>Some googling on mine showed me a buffer overflow attach for some
<br>Windows Server bug. Since mine is a Debian Stable box, I just ignored<br>it.<br><br>Kevin<br><br><br><br>--<br><a href="http://gentgeen.homelinux.org">http://gentgeen.homelinux.org</a><br><br>#############################################################
<br> Associate yourself with men of good quality if you esteem<br> your own reputation; for 'tis better to be alone then in bad<br> company. - George Washington, Rules of Civility<br>_______________________________________________
<br>wplug mailing list<br><a href="mailto:wplug@wplug.org">wplug@wplug.org</a><br><a href="http://www.wplug.org/mailman/listinfo/wplug">http://www.wplug.org/mailman/listinfo/wplug</a><br></blockquote></div><br><br clear="all">
<br>-- <br>Daniel McQuay<br><a href="mailto:simplebob@gmail.com">simplebob@gmail.com</a><br><a href="http://boxster.homelinux.org">boxster.homelinux.org</a><br>H: 814.825.0847<br>M: 814-341-6233