|
|
Re: Excessively large URI attacks: msg#00010security.intrusions
Are you seeing large numbers of something like 'SEARCH /AAAAA'(lots of 'A')? If so, from what I can tell it's a MS Webdav exploit used by welchia and phatbot, among others... you can read about it at securityfocus: http://www.securityfocus.com/bid/7116 I've been seeing an increase for quite a while now... Alva Lease 'Skip' Duckwall IV CISSP, RHCE, SCSA working on the GCIA practical right now.... skip@xxxxxxxxxxxx On Wed, 5 May 2004, Barry Fitzgerald wrote: > > Has anyone seen an uptick in attacks using excessively large URIs and > SEARCH strings? > > I'm getting a small number of these and was wondering if there's some > automated tool out there that could be generating these. > > Thanks in advance. > > -Barry > > _______________________________________________ > Intrusions mailing list > Intrusions@xxxxxxxxxxxxxx > http://www.dshield.org/mailman/listinfo/intrusions > _______________________________________________ Intrusions mailing list Intrusions@xxxxxxxxxxxxxx http://www.dshield.org/mailman/listinfo/intrusions |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: Excessively large URI attacks: 00010, Tom Glaab |
|---|---|
| Next by Date: | [LOGS] Summary of large-scale portscanning detects: 00010, Ken . Connelly |
| Previous by Thread: | Re: Excessively large URI attacksi: 00010, Barry Fitzgerald |
| Next by Thread: | Re: Excessively large URI attacks: 00010, blaine.hein |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |