| Author |
Has anyone seen this?
68.189.211.224 - - [15/Feb/2004:03:16:07 -0500] "GET
/default.ida? XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXX%u9090%u6858%ucbd3%u7801%u9090%u68
58%ucbd3%u7801%u9090%u6858%ucbd3%u780
1%u9090%u9090%u8190%u00c3%u0003%u8b00%u5
31b%u53ff%u0078%u0000%u00=a HTTP/1.0"
404 287 "-" "-"
I keep finding similar entries in my access logs. Is this indicative of an
attempt to root my box? If so, is there a way to tell whether it was
successful or not, and is there a patch yet? It kinda looks like someone
is trying to force a stack overrun.
Thanks in advance...
Bill
| |
| johannes m.r. 2004-02-16, 7:33 am |
| >[..]
>I keep finding similar entries in my access logs. Is this indicative of an
>attempt to root my box? If so, is there a way to tell whether it was
>successful or not, and is there a patch yet? It kinda looks like someone
>is trying to force a stack overrun.
http://www.google.com/search?q=default.ida
j.
| |
| Brian H¹© 2004-02-16, 11:33 am |
| bill said:
> 68.189.211.224 - - [15/Feb/2004:03:16:07 -0500] "GET
> /default.ida? XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXX%u9090%u6858%ucbd3%u7801%u9090%u68
> 58%ucbd3%u7801%u9090%u6858%ucbd3%u780
> 1%u9090%u9090%u8190%u00c3%u0003%u8b00%u5
> 31b%u53ff%u0078%u0000%u00=a HTTP/1.0"
> 404 287 "-" "-"
>
Is that still doing the rounds?
It's not a problem for you, as can be seen by the 404, so you can just ignore
these entries.
|
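The check described in the reply above (reading the status code logged for the default.ida request), as an added Python example that is not part of the thread. The function names, the 64-character filler threshold and the sample log lines are assumptions made for illustration.

```python
import re

# Apache common/combined log line: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)')
# Traits of the request quoted in the thread: a long run of one filler
# character and %uXXXX-encoded words in the query string.
FILLER_RE = re.compile(r'(.)\1{63,}')
UENC_RE = re.compile(r'%u[0-9a-fA-F]{4}')

def classify(line):
    """Return None for unrelated lines, else a dict describing the probe."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = m.group('request').split(' ')
    if len(parts) < 2:
        return None
    path, _, query = parts[1].partition('?')
    if not path.lower().endswith('/default.ida'):
        return None
    status = int(m.group('status'))
    return {
        'host': m.group('host'),
        'time': m.group('time'),
        'status': status,
        'filler': bool(FILLER_RE.search(query)),
        'uenc_words': len(UENC_RE.findall(query)),
        # Thread's reasoning: a 4xx means the server did not serve the request.
        # Any other status means it was handled and deserves a closer look.
        'verdict': 'rejected' if 400 <= status < 500 else 'investigate',
    }

def scan(lines):
    """Classify every line and keep only the default.ida probes."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation addresses, shortened query strings).
PROBE = '/default.ida?' + 'X' * 224 + '%u9090' * 3 + '=a'
SAMPLE_LOG = [
    f'192.0.2.10 - - [15/Feb/2004:03:16:07 -0500] "GET {PROBE} HTTP/1.0" 404 287 "-" "-"',
    '192.0.2.11 - - [15/Feb/2004:03:17:41 -0500] "GET /index.html HTTP/1.0" 200 1043 "-" "-"',
    f'192.0.2.12 - - [15/Feb/2004:03:20:02 -0500] "GET {PROBE} HTTP/1.0" 200 512 "-" "-"',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(hit['host'], hit['status'], hit['verdict'], hit['uenc_words'])
```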