Security Portal: Ask Buffy - Strange Entries in Apache Log and Port Sniffers
Mar 01, 2001, 23:56 (
(Other stories by
"Lately I have seen some weird and funky entries in my Apache
access_log and /var/log/messages.
One of them is this entry:
188.8.131.52 - - [27/Feb/2001:13:11:00
+0100] "GET /index.htm%20XCVC/7.0 HTTP/1.1"
What is this string: %20XCVC/7.0? And was he scanning for some
vulnerable Web server, or was it generated by some Web tool?..."
"I'm curious about a recent article I read in an English
computer magazine about port sniffers. If a person using such a
program found an open port on someone's machine, how could they
access it? And how can I protect myself from such an
Security Portal: Ask Buffy - Log Analyzers for Apache and Tracking Down a Bogus Device(Feb 08, 2001)
Security Portal: Ask Buffy - A fwinfo Script, Firewall Information and Stateful Firewalls(Jan 25, 2001)
Security Portal: Ask Buffy - Microsoft and Unix, Logging User Activity and the S2ML standard(Jan 19, 2001)
Security Portal: Ask Buffy - named pipes, IPSec documentation and dangerous protocols(Jan 11, 2001)
Security Portal: Ask Buffy - Unix security tools, security of named pipes and encrypted stream attack detection(Jan 04, 2001)
Security Portal: Ask Buffy - Apache Security and case law regarding network security(Dec 21, 2000)
Security Portal: Ask Buffy - "owning" Apache, listing of port numbers and stateful firewalls(Dec 14, 2000)
Security Portal: Ask Buffy - identifying an IP address, connecting a Linux machine to the Internet and more(Dec 08, 2000)
Security Portal: Ask Buffy - Securing Against Root Exploits & PGP and Hushmail(Oct 20, 2000)