Security Portal: Ask Buffy - Strange Entries in Apache Log and Port Sniffers

Mar 01, 2001, 23:56 (0 Talkback[s])
(Other stories by Buffy)

"Lately I have seen some weird and funky entries in my Apache access_log and /var/log/messages.

One of them is this entry:

        211.216.216.97 - - [27/Feb/2001:13:11:00
        +0100] "GET /index.htm%20XCVC/7.0 HTTP/1.1"
        404 311

What is this string: %20XCVC/7.0? And was he scanning for some vulnerable Web server, or was it generated by some Web tool?..."

"I'm curious about a recent article I read in an English computer magazine about port sniffers. If a person using such a program found an open port on someone's machine, how could they access it? And how can I protect myself from such an attack?..."

Complete Story

Related Stories:

• Security Portal: Ask Buffy - Log Analyzers for Apache and Tracking Down a Bogus Device(Feb 08, 2001)
• Security Portal: Ask Buffy - A fwinfo Script, Firewall Information and Stateful Firewalls(Jan 25, 2001)
• Security Portal: Ask Buffy - Microsoft and Unix, Logging User Activity and the S2ML standard(Jan 19, 2001)
• Security Portal: Ask Buffy - named pipes, IPSec documentation and dangerous protocols(Jan 11, 2001)
• Security Portal: Ask Buffy - Unix security tools, security of named pipes and encrypted stream attack detection(Jan 04, 2001)
• Security Portal: Ask Buffy - Apache Security and case law regarding network security(Dec 21, 2000)
• Security Portal: Ask Buffy - "owning" Apache, listing of port numbers and stateful firewalls(Dec 14, 2000)
• Security Portal: Ask Buffy - identifying an IP address, connecting a Linux machine to the Internet and more(Dec 08, 2000)
• Security Portal: Ask Buffy - Securing Against Root Exploits & PGP and Hushmail(Oct 20, 2000)