Security Portal: Ask Buffy - Strange Entries in Apache Log and Port Sniffers
Mar 01, 2001, 23:56

"Lately I have seen some weird and funky entries in my Apache
access_log and /var/log/messages.
One of them is this entry:

211.216.216.97 - - [27/Feb/2001:13:11:00 +0100] "GET /index.htm%20XCVC/7.0 HTTP/1.1" 404 311

What is this string: %20XCVC/7.0? And was he scanning for some
vulnerable Web server, or was it generated by some Web tool?..."

"I'm curious about a recent article I read in an English
computer magazine about port sniffers. If a person using such a
program found an open port on someone's machine, how could they
access it? And how can I protect myself from such an
attack?..."

Related Stories:
Security Portal: Ask Buffy - Log Analyzers for Apache and Tracking Down a Bogus Device (Feb 08, 2001)
Security Portal: Ask Buffy - A fwinfo Script, Firewall Information and Stateful Firewalls (Jan 25, 2001)
Security Portal: Ask Buffy - Microsoft and Unix, Logging User Activity and the S2ML standard (Jan 19, 2001)
Security Portal: Ask Buffy - named pipes, IPSec documentation and dangerous protocols (Jan 11, 2001)
Security Portal: Ask Buffy - Unix security tools, security of named pipes and encrypted stream attack detection (Jan 04, 2001)
Security Portal: Ask Buffy - Apache Security and case law regarding network security (Dec 21, 2000)
Security Portal: Ask Buffy - "owning" Apache, listing of port numbers and stateful firewalls (Dec 14, 2000)
Security Portal: Ask Buffy - identifying an IP address, connecting a Linux machine to the Internet and more (Dec 08, 2000)
Security Portal: Ask Buffy - Securing Against Root Exploits & PGP and Hushmail (Oct 20, 2000)