[Tfug] New Attacks?
John C. Dale
jcd at downinthedesert.com
Wed Jun 30 09:41:30 MST 2004
Yes - I have some record of what looks like a buffer overflow attack.
I'm not running apache, and nothing seems to have been compromised.
Does anyone know of a service that will validate/identify the signature
of the binary information in the HTTP POST to determine what kind of
attack is being levied?
JCD
Jim Secan wrote:
>There's either a new beastie roaming around out there, or an old one just
>found my site. In the last three days I've had a sudden flurry of attempts
>to POST to a range of cgi scripts on my apache server (none of which I
>have, so nothing happens). The typical pattern is to get 10-15 of these in
>a few seconds, all from different IP addresses. This recurs two or three
>times an hour. So far there's no problem on my end other than the
>annoyance of filling up my access and error logs and eating at bandwidth,
>but I could see something like this escalate. Anyone else seeing activity
>similar to this on their apache servers?
>
>Jim
>*---------------------*-------------------------------*
>| Jim Secan | Northwest Research Assoc, Inc |
>| (jim at nwra.com) | 2455 E. Speedway, Suite 204 |
>| (520) 319-7773 | Tucson, Arizona 85719 |
>| Space Weather Info: http://www.nwra-az.com/ |
>*---------------------*-------------------------------*
>_______________________________________________
>tfug mailing list
>tfug at tfug.org
>https://www.tfug.org/mailman/listinfo/tfug
--
John C. Dale
MS MIS, December 2005
The Eller College of Management
The University of Arizona
Tucson, Arizona
jcd at downinthedesert.com
http://www.downinthedesert.com
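
The pattern Jim describes (10-15 POSTs to nonexistent CGI scripts within a few seconds, each from a different IP address) can be pulled out of an Apache access log with a short script. This is an added example, not part of either message; the sample log lines, the `/cgi-bin/`, `.cgi` and `.pl` path heuristic, and the thresholds are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Prefix of an Apache common/combined log line: host, time, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def failed_cgi_posts(lines):
    """Yield (time, ip, path) for POSTs to CGI-looking paths that returned 404."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "404":
            continue
        path = m["path"].split("?", 1)[0]
        if "/cgi-bin/" in path or path.endswith((".cgi", ".pl")):
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"], path

def find_bursts(lines, gap_s=5, min_ips=10):
    """Cluster hits spaced <= gap_s apart; keep clusters with >= min_ips sources."""
    bursts, group = [], []
    def flush():
        ips = {ip for _, ip, _ in group}
        if group and len(ips) >= min_ips:
            bursts.append({"start": group[0][0], "end": group[-1][0],
                           "requests": len(group), "distinct_ips": len(ips)})
    for hit in sorted(failed_cgi_posts(lines)):
        if group and hit[0] - group[-1][0] > timedelta(seconds=gap_s):
            flush()
            group = []
        group.append(hit)
    flush()
    return bursts

# Constructed sample log (documentation IP ranges), not taken from the thread:
# 12 sources in 3 seconds, then one source retrying, then an ordinary GET.
SAMPLE = [f'192.0.2.{i + 1} - - [30/Jun/2004:09:00:{i // 4:02d} -0700] '
          f'"POST /cgi-bin/s{i}.cgi HTTP/1.0" 404 210' for i in range(12)] + [
    '198.51.100.7 - - [30/Jun/2004:09:10:00 -0700] "POST /cgi-bin/a.pl HTTP/1.0" 404 210',
    '198.51.100.7 - - [30/Jun/2004:09:10:01 -0700] "POST /cgi-bin/b.pl HTTP/1.0" 404 210',
    '203.0.113.9 - - [30/Jun/2004:09:00:01 -0700] "GET /index.html HTTP/1.0" 200 5120',
]

if __name__ == "__main__":
    for burst in find_bursts(SAMPLE):
        print(burst)
```

Counting distinct sources rather than raw requests is what separates this distributed pattern from a single client retrying a broken form.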