Results 1 to 2 of 2

Thread: ridiculously long URL requested

  1. #1
    Member
    Join Date
    Jan 2007
    Location
    Adelaide, Australia
    Posts
    112

    ridiculously long URL requested

    Can it be considered a possible way to circumvent apache security by sending the server a super long request to attempt to overflow a buffer? I have had this turn up in my access log:

    24.127.135.213 - - [28/Mar/2007:18:09:25 +0930] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 406 280 "-" "-"
    24.127.135.213 - - [28/Mar/2007:18:09:26 +0930] "SEARCH /\x90\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\x04H\ x04...
    This x04H pattern repeats for about 3 pages worth and is all part of a url requested from my server and terminates with the same as above.

    This was in my error log:

    [Wed Mar 28 18:09:25 2007] [error] [client 24.127.135.213] mod_security: Access denied with code 406. Pattern match "^$" at HEADER("USER-AGENT") [severity "EMERGENCY"] [hostname "mechdaves.broadband.hostname.from.isp"] [uri "/_vti_bin/_vti_aut/fp30reg.dll"]
    [Wed Mar 28 18:09:26 2007] [error] [client 24.127.135.213] request failed: URI too long (longer than 8190)

    To me it seems like some sort of probe to find a weak windows machine (see the windows dll name). Any ideas?

    Cheers,
    Mechdave

  2. #2
    A quick google shows that those are IIS related exploits, so you may assume a warm smug feeling
    The second error log entry suggests that your web server has got that type of buffer overflow attempt covered. The first one is interesting as a pattern match of ^$ suggests a blank user agent - ie the program making the request does not even pretend to be any particular browser, which apparently your web server protects against.

Similar Threads

  1. Been too long
    By mcdougrs in forum General Chat
    Replies: 5
    Last Post: 09-19-2005, 05:12 PM
  2. The long arm of the law
    By Fatal Error in forum General Chat
    Replies: 1
    Last Post: 08-03-2005, 04:41 PM
  3. Gone for so long
    By Asbenson in forum General Chat
    Replies: 4
    Last Post: 07-30-2004, 06:04 PM
  4. Kernel requested
    By Qubit in forum Linux - General Topics
    Replies: 5
    Last Post: 02-23-2002, 09:11 AM
  5. Working with long long in C
    By kenshi in forum Linux - Software, Applications & Programming
    Replies: 2
    Last Post: 12-03-2001, 12:17 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •