>>> Lately i've been receiving some strange requests on port 80. I found
>>> this in the logs:
>>> 218.94.77.207 - - [19/May/2004:14:16:51 +0100] "SEARCH
>>> /\x90\x02\xb1\x02\xb
>>> \x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 02\xb1\x02\xb1\x02\
>>> xb
>>
>> I've been getting these recently as well, on all my web servers. I
>> don't know if it's targeting Apache or another web server (IIS?), but
>> it would be interesting to know what exactly they're trying to do.
>
> IIS WebDAV Exploit, I think one of the agobot worms tries to use it to
> get into Windows boxes.
LOL, so people still try to run http servers Windows :) Good way to kill
your server.
--
Jem Berkes
http://www.sysdesign.ca/