Logfile shows funny SEARCH message
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > Web Servers reviews > IIS server support > IIS Server Security > Logfile shows funny SEARCH message




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    Logfile shows funny SEARCH message  
Chee Kiong


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
02-19-04 08:34 PM

Hi,

my webserver logfile recently is showing some funny SEARCH
message. can any guru, pls enlighten me if it is a attack
and whether was is successfull? i have replaced my ip
with x.x.x.x.=20

Thanks
Chee Kiong

***************** IIS Logfile ************************
2004-02-20 00:52:10 24.70.3.222 - W3SVC1 WEB1 X.X.X.X 80=20
SEARCH / AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAA
 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAA
 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAA
 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA???
=18??????????????????????????????????####??????????
 rmomddddddisjhnegdddddddlohddplokdepnqlo
jldlloskjndiimrlimd
 dddddrfsmlgrpehggpdidjlfrjikljijljljskgk
hjlipkgkjjgloqpidjn
 djjndfididjlddddddhdigssejlgslsskhfmlosl
jnddlopjlgpdelidloi
 lspiglgpddhidikssijdhidikssijdlillipdkhd
mloqpggpdidigssijdp
 ssijedieijlohigploihflkldgqiiflokffddgsi
ggpmhmhenqdgpiggqod
 soredgnqjkhdlpepodqdgqnhdrosegoeskirkinl
oinfhdgqqjjlodpholo
 inepdgqqlodhlodgpinoirimpgrlhfssssssniek
ddkpeskmdnrlsomksqd
 smlsrlndrrsprrdjdddgfddddddddddddhqinmdd
ddgdddddddhddddddss
 ssddddolddddddddddddddhddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddrlddd
ddddresondrddohdmpq
feoldehp!
 pqfeihjljmkgfdkdkfjsjkkfjejqfdjgjejrjrjs
khfdjfjifdkfkijrfdj
 mjrfdhhhsigfdjqjsjhjifrdqdqdnfhddddddddd
dddddnigldipkreimjo
 mhreimjomhreimjomhmnhijkmhrgimjomhjfhiji
mhrgimjomhlrhjjemhr
 nimjomhlrhjjsmhrgimjomhreimjnmhljimjomhj
fiegjmhrlimjomhrkkn
 jdmhrdimjomhifjmjgjlreimjomhdddddddddddd
ddddddddddddddddddd
 dddddddddddddddddidhiddddhpdedgddhniejnh
eddddddddddddddddrd
 dddsdedodehonrddgdddddddedddddddmdddddnd
pnddddddndddddddqdd
 dddddddhdddddeddddddddfdddddhddddddddddd
ddddhdddddddddddddd
 ddrddddddddhdddddddddddddgddddddddddeddd
ddedddddddddeddddde
 dddddddddddddedddddddddddddddddddddddddq
dddddgldedddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 mdddddddeddddddddddddddddhdddddddddddddd
ddddddddddddddldddd
 drdddddddddddddddddddgdddddddndddddddfpd
ddddddhdddddddddddd
 ddddddddddddddddhdddddrddddddddddddddddd
ddedd!
 dddddqddddddddfddddddgdddddddddddddddddd
dddddddddddhdddddpd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
dddddddddddddddssss
 eirlhdhdddrldddddqoplipdkigijldhdednjlkh
ngefidojsfppjpemrpe
 dgpklfmsdiooosqhsfnsplgsldfkidirmdmdefpd
hddhpsrqskrpmpgmdle
 rpdldfeflqhhfhddijiklogqglhehdsossompigp
ifrdjpqklgphdplqhpf
 hdljnddiejhkkjgosqqigrdhddirhhdkdgpfrlog
ihdsjkkkskgdifkdhss
 qjmmomdiirsksmloehmikliregqsmrhpqlifeejh
fidkdsldkmdihlonook
 ksslgplslhdlodhlikeenghqfnjpqjfoispefspr
qknjjqmdpgpdfmrfsoo
 dqfkqhhreefmrpsdnpeigfqoqosssssseirlhdhd
ddrldddddqoplipdkig
 ijldhdednjlkhngefidojsfppjpemrpedgpklfms
diooo!
 sqhsfnsplgsldfkidirmdmdefpdhddhpsrqskrpm
pgmdlerpdldfeflqhhf
 hddijiklogqglhehdsossompigpifrdjpqklgphd
plqhpfhdljnddiejhkk
 jgosqqigrdhddirhhdkdgpfrlogihdsjkkkskgdi
fkdhssqjmmomdiirsks
 mloehmikliregqsmrhpqlifeejhfidkdsldkmdih
lonookksslgplslhdlo
 dhlihheilqlpfhehohidjlqlkgiesgkfhlikfhde
srehligpqmrqkhoknee
 piffmfhlpqpjlqnjdrskkqodpklfhdkdeopisirl
ephpmqokksgsqjsddlg
 rpedjlsljpogqpggpdpkrmkknsqogrgplmdkdldg
dpsmegdhkdeeoooikkj
 gqeglfhskqleopddgkpphedhplfrmqrojjlpdefd
djrheghkhkgmosssjng
 shnikokhghjndejnddjndffmipdldnofoeiljhdh
lodsdgenkfreiorhdeh
 sgdpfdlddjsnddejrjrfogpedigiikesgdfogimm
lhesskqrkkrdslijpdq
 fpedrpnesdnieekhempkdiqlsromprkikoilekni
eddjesdjrproekoofkf
 kpseljhdddedlgpdhdplphpjkhldlndmnehdsksk
kskesnllqdpldlofqph
 eqloeqpldilqdhhllqehldneklpkliqslhlfjqlm
ihjgkpgnfpksginegld
 roksorjdhdmsskhfoidgpegsphhjrmiesgoonero
kehdsepidedldffqmlq
 nqsoqsssqgnldgjqqidnpphdeflipqlqoeejqjhs
qdhdhlkdheeoioodrjn
 ghpkmqklgjkehekdhkgmssqjqikiffkjlndfjghj
jngqhqehqrlkrmqsods
 lhjgqdienegjjnsspmqhrmkjdqpspoelipoheldl
erepr!
 rfedgejkoskeffpdhfhkpjlmdjekqeqeoqrpqlsi
lmrfqklngkdmggrdijl
 qdssqnqjdpililieqgmqlolosdlerjsspgqldple
ddqknolgsndgkkeqssf
 hmijeslqsqpipeheqnmedperfeddgsfrodolojik
qmdjsooeiperddpsdfo
eodldslkminrpemqprdnfsjpmpdpmijngnk - 404 0 0 33073 266=20
HTTP/1.1 127.0.0.1 - - -




[ Post a follow-up to this message ]



    Re: Logfile shows funny SEARCH message  
Keith W. McCammon


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
02-20-04 07:35 AM

Someone tooling around looking for a buffer overrun.  It's advisable to run
URLScan to filter out these requests by method, length, or both.

http://www.microsoft.com/technet/se...ols/urlscan.asp

"Chee Kiong" <ongck@ap.nec.com.sg> wrote in message
 news:1390e01c3f76a$25fdcd10$a601280a@phx
.gbl...
Hi,

my webserver logfile recently is showing some funny SEARCH
message. can any guru, pls enlighten me if it is a attack
and whether was is successfull? i have replaced my ip
with x.x.x.x.

Thanks
Chee Kiong

***************** IIS Logfile ************************
2004-02-20 00:52:10 24.70.3.222 - W3SVC1 WEB1 X.X.X.X 80
SEARCH / AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAA
 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAA
 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAA
 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA???
??????????????????????????????????####??????????
 rmomddddddisjhnegdddddddlohddplokdepnqlo
jldlloskjndiimrlimd
 dddddrfsmlgrpehggpdidjlfrjikljijljljskgk
hjlipkgkjjgloqpidjn
 djjndfididjlddddddhdigssejlgslsskhfmlosl
jnddlopjlgpdelidloi
 lspiglgpddhidikssijdhidikssijdlillipdkhd
mloqpggpdidigssijdp
 ssijedieijlohigploihflkldgqiiflokffddgsi
ggpmhmhenqdgpiggqod
 soredgnqjkhdlpepodqdgqnhdrosegoeskirkinl
oinfhdgqqjjlodpholo
 inepdgqqlodhlodgpinoirimpgrlhfssssssniek
ddkpeskmdnrlsomksqd
 smlsrlndrrsprrdjdddgfddddddddddddhqinmdd
ddgdddddddhddddddss
 ssddddolddddddddddddddhddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddrlddd
ddddresondrddohdmpq
feoldehp!
 pqfeihjljmkgfdkdkfjsjkkfjejqfdjgjejrjrjs
khfdjfjifdkfkijrfdj
 mjrfdhhhsigfdjqjsjhjifrdqdqdnfhddddddddd
dddddnigldipkreimjo
 mhreimjomhreimjomhmnhijkmhrgimjomhjfhiji
mhrgimjomhlrhjjemhr
 nimjomhlrhjjsmhrgimjomhreimjnmhljimjomhj
fiegjmhrlimjomhrkkn
 jdmhrdimjomhifjmjgjlreimjomhdddddddddddd
ddddddddddddddddddd
 dddddddddddddddddidhiddddhpdedgddhniejnh
eddddddddddddddddrd
 dddsdedodehonrddgdddddddedddddddmdddddnd
pnddddddndddddddqdd
 dddddddhdddddeddddddddfdddddhddddddddddd
ddddhdddddddddddddd
 ddrddddddddhdddddddddddddgddddddddddeddd
ddedddddddddeddddde
 dddddddddddddedddddddddddddddddddddddddq
dddddgldedddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 mdddddddeddddddddddddddddhdddddddddddddd
ddddddddddddddldddd
 drdddddddddddddddddddgdddddddndddddddfpd
ddddddhdddddddddddd
 ddddddddddddddddhdddddrddddddddddddddddd
ddedd!
 dddddqddddddddfddddddgdddddddddddddddddd
dddddddddddhdddddpd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
ddddddddddddddddddd
 dddddddddddddddddddddddddddddddddddddddd
dddddddddddddddssss
 eirlhdhdddrldddddqoplipdkigijldhdednjlkh
ngefidojsfppjpemrpe
 dgpklfmsdiooosqhsfnsplgsldfkidirmdmdefpd
hddhpsrqskrpmpgmdle
 rpdldfeflqhhfhddijiklogqglhehdsossompigp
ifrdjpqklgphdplqhpf
 hdljnddiejhkkjgosqqigrdhddirhhdkdgpfrlog
ihdsjkkkskgdifkdhss
 qjmmomdiirsksmloehmikliregqsmrhpqlifeejh
fidkdsldkmdihlonook
 ksslgplslhdlodhlikeenghqfnjpqjfoispefspr
qknjjqmdpgpdfmrfsoo
 dqfkqhhreefmrpsdnpeigfqoqosssssseirlhdhd
ddrldddddqoplipdkig
 ijldhdednjlkhngefidojsfppjpemrpedgpklfms
diooo!
 sqhsfnsplgsldfkidirmdmdefpdhddhpsrqskrpm
pgmdlerpdldfeflqhhf
 hddijiklogqglhehdsossompigpifrdjpqklgphd
plqhpfhdljnddiejhkk
 jgosqqigrdhddirhhdkdgpfrlogihdsjkkkskgdi
fkdhssqjmmomdiirsks
 mloehmikliregqsmrhpqlifeejhfidkdsldkmdih
lonookksslgplslhdlo
 dhlihheilqlpfhehohidjlqlkgiesgkfhlikfhde
srehligpqmrqkhoknee
 piffmfhlpqpjlqnjdrskkqodpklfhdkdeopisirl
ephpmqokksgsqjsddlg
 rpedjlsljpogqpggpdpkrmkknsqogrgplmdkdldg
dpsmegdhkdeeoooikkj
 gqeglfhskqleopddgkpphedhplfrmqrojjlpdefd
djrheghkhkgmosssjng
 shnikokhghjndejnddjndffmipdldnofoeiljhdh
lodsdgenkfreiorhdeh
 sgdpfdlddjsnddejrjrfogpedigiikesgdfogimm
lhesskqrkkrdslijpdq
 fpedrpnesdnieekhempkdiqlsromprkikoilekni
eddjesdjrproekoofkf
 kpseljhdddedlgpdhdplphpjkhldlndmnehdsksk
kskesnllqdpldlofqph
 eqloeqpldilqdhhllqehldneklpkliqslhlfjqlm
ihjgkpgnfpksginegld
 roksorjdhdmsskhfoidgpegsphhjrmiesgoonero
kehdsepidedldffqmlq
 nqsoqsssqgnldgjqqidnpphdeflipqlqoeejqjhs
qdhdhlkdheeoioodrjn
 ghpkmqklgjkehekdhkgmssqjqikiffkjlndfjghj
jngqhqehqrlkrmqsods
 lhjgqdienegjjnsspmqhrmkjdqpspoelipoheldl
erepr!
 rfedgejkoskeffpdhfhkpjlmdjekqeqeoqrpqlsi
lmrfqklngkdmggrdijl
 qdssqnqjdpililieqgmqlolosdlerjsspgqldple
ddqknolgsndgkkeqssf
 hmijeslqsqpipeheqnmedperfeddgsfrodolojik
qmdjsooeiperddpsdfo
eodldslkminrpemqprdnfsjpmpdpmijngnk - 404 0 0 33073 266
HTTP/1.1 127.0.0.1 - - -




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 10:00 PM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register