[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Web Server Attack?

To: silug-discuss@silug.org
Subject: Re: Web Server Attack?
From: Tighe <emry@accessus.net>
Date: Thu, 16 Aug 2001 12:18:29 -0500 (CDT)
In-Reply-To: <3B7BCDDC.8BD4B045@luci.org>
Organization: Southern Illinois Linux Users Group
Reply-To: silug-discuss@silug.org
Sender: owner-silug-discuss@silug.org

This might just be the mid-morning drinking speaking, but this appears to
be in the form of an http request that is connecting to your SMTP
port.  Do you have sendmail running on a non-standard port?  Is someone
playing around with SRV records in your domain?  

Tighe

>Date: Thu, 16 Aug 2001 09:42:52 -0400
>From: Jason Burke <jburke@luci.org>
>Reply-To: silug-discuss@silug.org
>To: silug-discuss@silug.org
>Subject: Web Server Attack?
>
>Greetings All,
>
>Has anyone out there seen this before...
>
>Aug 15 08:33:12 alter3000 sendmail[22080]: NOQUEUE: SYSERR: putoutmsg
>([192.168.10.11]): error on output channel sending "500 Command
>unrecognized:
>"GET http://www.wenxuecity.com/ HTTP/1.1"": Broken pipe
>
>Aug 15 08:33:12 alter3000 sendmail[22080]: NOQUEUE: SYSERR: putoutmsg
>([192.168.10.11]): error on output channel sending "500 Command
>unrecognized:
>"Host: www.wenxuecity.com"": Broken pipe
>
>Aug 15 08:33:12 alter3000 sendmail[22080]: NOQUEUE: SYSERR: putoutmsg
>([192.168.10.11]): error on output channel sending "500 Command
>unrecognized:
>"Accept: */*"": Broken pipe
>
>Aug 15 08:33:12 alter3000 sendmail[22080]: NOQUEUE: SYSERR: putoutmsg
>([192.168.10.11]): error on output channel sending "500 Command
>unrecognized:
>"Pragma: no-cache"": Broken pipe
>
>Aug 15 08:33:12 alter3000 sendmail[22080]: NOQUEUE: SYSERR: putoutmsg
>([192.168.10.11]): error on output channel sending "500 Command
>unrecognized:
>"User-Agent: Mozilla/5.0 (compatible; MSIE 5.01; Win2000)"": Broken pipe
>
>Aug 15 08:33:12 alter3000 sendmail[22080]: NOQUEUE: SYSERR: putoutmsg
>([192.168.10.11]): error on output channel sending "500 Command
>unrecognized:
>""": Broken pipe
>
>
>It looks like an attack to me, but I can't tell what exploit the
>attacker
>was trying to use. Anyone have any ideas?
>
>Jason Burke
>
>-
>To unsubscribe, send email to majordomo@silug.org with
>"unsubscribe silug-discuss" in the body.
>

-- 
Tighe Schlottog		Sys Admin at large	  /emry\"@"/accessus.net\
                             ook ook
"Mr. Wizard, I think I'd rather be a coot than a hacker. Yeah, sure, every
now and then a giant pink-haired ape would come running after me and 
chase me into the lake, but really, could it be that much worse? I'd have
a tiny little brain and wouldn't be expected to worry about anything." 
						-jwz from www.jwz.org

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.

References:
- Web Server Attack?
  - From: Jason Burke <jburke@luci.org>

Prev by Date: Web Server Attack?
Next by Date: Re: Web Server Attack?
Prev by thread: Web Server Attack?
Next by thread: Re: Web Server Attack?
Index(es):
- Date
- Thread