Re: Excessively large URI attacks

That's precisely what I'm seeing.  They aren't breaking anything on my 
end either, but they're excessively long.  This certainly seems 
different than the average Webdav attacks we've been seeing, but perhaps 
it's just an attempt to exploit a generic overflow.  Anyone have any 
thoughts?

         -Barry

Tom Glaab wrote:

> > Has anyone seen an uptick in attacks using excessively large URIs and 
> > SEARCH strings?
>
>
>
> No uptick, but I've been seeing them for a few weeks. They don't seem 
> to be breaking anything and there's been no discussion here, so I've 
> just been watching them.
>
> They all look the same: 65.43.212.205 - - [02/May/2004:17:03:21 -0400] 
> "SEARCH 
> /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x 
>
> 02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1..... 
>
>
> and end with pages of \x90
>
> tg.
>
>
>
> _______________________________________________
> Intrusions mailing list
> Intrusions@xxxxxxxxxxxxxx
> http://www.dshield.org/mailman/listinfo/intrusions

_______________________________________________
Intrusions mailing list
Intrusions@xxxxxxxxxxxxxx
http://www.dshield.org/mailman/listinfo/intrusions