
RE: Excessively large URI attacks: msg#00018

security.intrusions

Subject: RE: Excessively large URI attacks

Got more packets:-)
A 1/2 dozen or so all from the same attack would be helpful.


Donald.Smith@xxxxxxxxx GCIA
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC
kill -13 111.2

> -----Original Message-----
> From: intrusions-bounces@xxxxxxxxxxxxxx
> [mailto:intrusions-bounces@xxxxxxxxxxxxxx] On Behalf Of Bruce Platt
> Sent: Thursday, May 06, 2004 12:52 PM
> To: Intrusions List (GCIA Practicals)
> Subject: RE: [Intrusions] Excessively large URI attacks
>
>
> Donald,
>
> Here's one I grabbed. I see 4-12 per day. All which I get
> look just like this, save that each is directed at a
> different IP on our net. Source IPs differ, each source IP
> targets a different target IP. I lost the others from today,
> so have only this one. :-(
>
>
>
> From Acid:
>
> #(1 - 39021) [2004-05-06 01:14:38] [arachNIDS/474]
> [snort/1070] WEB-MISC WebDAV search access
> IPv4: 12.219.16.184 -> 12.16x.yyy.zzz
> hlen=5 TOS=16 dlen=2960 ID=0 flags=0 offset=0 TTL=240 chksum=0
> TCP: port=4187 -> dport: 80 flags=***AP*** seq=1781825260
> ack=377583163 off=5 res=0 win=17520 urp=0 chksum=0
> Payload: length = 2920

It does appear to be a webdav overflow.
The id,off,chksum all = 0 implies a crafted packet but this would be
hard to spoof so the "attacker" is probably a virus/worm infected system.

>
> 000 : 53 45 41 52 43 48 20 2F 90 02 B1 02 B1 02 B1 02
> SEARCH /........
> 860 : B1 02 B1 02 B1 02 B1 02 B1 02 B1 02 B1 02 B1 90

Beginning of the NOOP slide

> ................
> 870 : 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
> ................
> b60 : 90 90 90 90 90 90 90 90 ........

More noops in the next packet with the actual webdav exploit maybe???



>
>
>
> > -----Original Message-----
> > From: Smith, Donald [mailto:Donald.Smith@xxxxxxxxx]
> > Sent: Thursday, May 06, 2004 11:54 AM
> > To: Intrusions List (GCIA Practicals)
> > Subject: RE: [Intrusions] Excessively large URI attacks
> >
> >
> > Got Packets?
> >
> > Donald.Smith@xxxxxxxxx GCIA
> > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAF00EDCC
> > pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC
> > kill -13 111/2
> >
> > > -----Original Message-----
> > > From: intrusions-bounces@xxxxxxxxxxxxxx
> > > [mailto:intrusions-bounces@xxxxxxxxxxxxxx] On Behalf Of Barry
> > > Fitzgerald
> > > Sent: Thursday, May 06, 2004 7:37 AM
> > > To: Intrusions List (GCIA Practicals)
> > > Subject: Re: [Intrusions] Excessively large URI attacks
> > >
> > >
> > > That's precisely what I'm seeing. They aren't breaking anything on my
> > > end either, but they're excessively long. This certainly seems
> > > different than the average Webdav attacks we've been seeing, but perhaps
> > > it's just an attempt to exploit a generic overflow. Anyone have any
> > > thoughts?
> > >
> > > -Barry
> > >
> > > Tom Glaab wrote:
> > >
> > > >
> > > >> Has anyone seen an uptick in attacks using excessively large URIs and
> > > >> SEARCH strings?
> > > >
> > > > No uptick, but I've been seeing them for a few weeks. They don't seem
> > > > to be breaking anything and there's been no discussion here, so I've
> > > > just been watching them.
> > > >
> > > > They all look the same: 65.43.212.205 - - [02/May/2004:17:03:21 -0400]
> > > > "SEARCH
> > > > /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1.....
> > > >
> > > > and end with pages of \x90
> > > >
> > > > tg.
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Intrusions mailing list
> > > > Intrusions@xxxxxxxxxxxxxx
> > > > http://www.dshield.org/mailman/listinfo/intrusions
> > > >
> > > >
> > >
> > > _______________________________________________
> > > Intrusions mailing list
> > > Intrusions@xxxxxxxxxxxxxx
> > > http://www.dshield.org/mailman/listinfo/intrus> ions
> > >
> > _______________________________________________
> > Intrusions mailing list
> > Intrusions@xxxxxxxxxxxxxx
> > http://www.dshield.org/mailman/listinfo/intrusions
> >
> _______________________________________________
> Intrusions mailing list
> Intrusions@xxxxxxxxxxxxxx
> http://www.dshield.org/mailman/listinfo/intrus> ions
>
_______________________________________________
Intrusions mailing list
Intrusions@xxxxxxxxxxxxxx
http://www.dshield.org/mailman/listinfo/intrusions
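
Added example, not part of the original thread: a Python check over Apache-style access-log lines for the pattern the posters describe, a SEARCH request whose URI is far too long and ends in a long run of \x90. The thresholds, function names, status codes and sample lines are assumptions; the sample URI is constructed with the filler and 0x90 lengths of the packet quoted above.

```python
import re

LINE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<rest>.*)$')
ESC_RE = re.compile(r'\\x([0-9a-fA-F]{2})')
MAX_URI_BYTES = 1024   # assumed limit; tune to the longest legitimate URI you serve
MIN_NOP_RUN = 32       # assumed: this many consecutive 0x90 bytes counts as a NOP run

def uri_bytes(uri):
    """Undo the \\xHH escaping used in the access log to recover raw URI bytes."""
    text = ESC_RE.sub(lambda m: chr(int(m.group(1), 16)), uri)
    return text.encode("latin-1", errors="replace")

def inspect(line):
    """Return source, method, URI size, longest 0x90 run and reasons; None if unparsable."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rest = m.group("rest")
    # The request field ends at the last double quote; a truncated line has none.
    request = rest.rsplit('"', 1)[0] if '"' in rest else rest
    raw = uri_bytes(request.split(" ", 1)[0])
    nop_run = max((len(r) for r in re.findall(b"\x90+", raw)), default=0)
    reasons = []
    if len(raw) > MAX_URI_BYTES:
        reasons.append("oversized-uri")
    if nop_run >= MIN_NOP_RUN:
        reasons.append("nop-run")
    if reasons and m.group("method") == "SEARCH":
        reasons.insert(0, "webdav-search")
    return {"src": m.group("src"), "method": m.group("method"),
            "uri_len": len(raw), "nop_run": nop_run, "reasons": reasons}

def flagged_sources(lines):
    """Map source IP -> number of flagged requests, to see whether sources repeat."""
    counts = {}
    for line in lines:
        hit = inspect(line)
        if hit and hit["reasons"]:
            counts[hit["src"]] = counts.get(hit["src"], 0) + 1
    return counts

# Constructed sample lines (documentation IPs, made-up timestamps and status codes).
ATTACK_URI = "/\\x90" + "\\x02\\xb1" * 1075 + "\\x90" * 761
SAMPLE = [
    '192.0.2.10 - - [06/May/2004:01:14:38 -0400] "SEARCH ' + ATTACK_URI + '" 414 -',
    '192.0.2.10 - - [06/May/2004:01:14:39 -0400] "SEARCH ' + ATTACK_URI,  # line cut short
    '192.0.2.20 - - [06/May/2004:01:15:02 -0400] "SEARCH /docs HTTP/1.1" 207 512',
    '192.0.2.30 - - [06/May/2004:01:15:09 -0400] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(inspect(entry))
    print(flagged_sources(SAMPLE))
```

The legitimate SEARCH request in the sample is not flagged: the method alone is only reported alongside a size or 0x90-run hit.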


