This is a discussion on [Snort-users] (no subject) within the Snort forums, part of the System Security and Security Related category.
Hello all,

I am seeing several URL requests from one IP address (China) with the URL over and over:

http://whateva.mydomain.comhttp://whateva.mydomain.comhttphttp://whateva.mydomain.com
httphttp://whateva.mydomain.comhttphttp://whateva.mydomain.comhttphttp://whateva.mydomain.
comhttphttp://whateva.mydomain.comhttphttp://whateva.mydomain.comhttphttp://whateva.mydomain.comhttp
http://whateva.mydomain.comhttphttp://whateva.mydomain.comhttphttp://whateva.mydomain.comhttp

This has triggered the following signature: WEB-MISC Invalid HTTP Version String

I read the description of the signature and it does not appear as though I am vulnerable to the exploit that is discussed. However, I am a bit concerned with the amount of requests (thousands). Does anyone have any ideas as to what type of exploit this could be?

Larry