-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 19 Nov 2003, Chris Strom wrote: > I've received a strange HTTP request on my web site from two different > sources. The request is logged as: > > SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02 <snip of 32K attack signature> I've seen much the same here on all of my web servers. I have in excess of one megabyte of these attack signatures in my logs. Some of them are one-time attacks; others are "burst" attacks and come one after another for several minutes. Haven't bothered looking into what the culprit is yet, but am interested to learn what's at the heart of this log-bloater. In the meantime, I'm blocking the offending IP addresses that spew this junk. - -Jay ( ( _______ )) )) .-"There's always time for a good cup of coffee"-. >====<--. C|~~|C|~~| (>----- Jay D. Dyson -- jdyson@treachery.net -----<) | = |-' `--' `--' `--- Next time let's screw it up my way first ---' `------' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (TreacherOS) Comment: See http://www.treachery.net/~jdyson/ for current keys. iD8DBQE/u/DoxdMhRVezQfcRAm7fAJ99WWsLh4ScPJduM/V95XaFNgwO8gCghnXL 8hr1V4xAd6yXQ+yyyS+qg4c= =w9ru -----END PGP SIGNATURE-----
