cd500 user
22nd of January 2005 (Sat), 13:32
After reading some of the other worm attack types I went through my tmp dir (it was clean) and logs and found a few of the following very strange log entries. It starts out like this:
24.77.244.56 - - [08/Jan/2005:21:23:01 -0500] "SEARCH /\x90\x02\xb1\x02\xb1\...
then continues for over 10,000 characters until it changes to
...\x90\x90\x90\x90\...
for another 16,000 characters! The entire search string in the log is 29,224 characters long!! After the end quotes the log shows a 414 386. The 414 is a "URI Too Long" error which makes me feel better, but I don't know what the 386 is. These entries are really random and occur every few days. Anyone have any ideas as to what this is? I have been having issues with Apache crashing randomly and I suspect this could be the cause.
Thanks,
Patrick
24.77.244.56 - - [08/Jan/2005:21:23:01 -0500] "SEARCH /\x90\x02\xb1\x02\xb1\...
then continues for over 10,000 characters until it changes to
...\x90\x90\x90\x90\...
for another 16,000 characters! The entire search string in the log is 29,224 characters long!! After the end quotes the log shows a 414 386. The 414 is a "URI Too Long" error which makes me feel better, but I don't know what the 386 is. These entries are really random and occur every few days. Anyone have any ideas as to what this is? I have been having issues with Apache crashing randomly and I suspect this could be the cause.
Thanks,
Patrick