Subject: Re: has anyone else seen this and if you have What is it?
From: Mike Tibor (tibor@lib.uaa.alaska.edu)
Date: Tue Jan 28 2003 - 16:24:55 AKST
On Tue, 28 Jan 2003, Shortpier wrote:
>
> I have been checking my web access logs on my box and I can identify the
> NIMDA and Code Red but I am getting several hits in the last couple of
> days that look like this
>
> GET /sumthin HTTP/1.0" 404 304 "-" "-
>
> Anyone know if this is ANOTHER M$ exploit or what?
Not that I know of. I've got a few of the same in the access_log of one
of my servers. I think it's either a script used to grab HTTP headers
(server type/version, OS, whatever), or possibly something designed to
examine how a server handles 404 errors (whether the canned apache error
is used, or a custom error page, etc.). Either way, the danger to your
system is probably extremely low.
Mike
-- Mike Tibor Univ. of Alaska Anchorage (907) 786-1001 voice Network Technician Consortium Library (907) 786-6050 fax tibor@lib.uaa.alaska.edu http://www.lib.uaa.alaska.edu/~tibor/ http://www.lib.uaa.alaska.edu/~tibor/pgpkey for PGP public key--------- To unsubscribe, send email to <aklug-request@aklug.org> with 'unsubscribe' in the message body.
This archive was generated by hypermail 2a23 : Tue Jan 28 2003 - 16:24:57 AKST