[lug] New attack?
Andrew R. Diederich
diederic at boulder.net
Mon Jul 8 09:34:44 MDT 2002
On Mon, 8 Jul 2002 rm at fabula.de wrote:
>
> Hmm, the 'Host' header isn't really part of the HTTP request line ...
> Just looking at the (IIS) server that's answering under the IP address in
> the log file - why would anybody start a request from a server ? (:-)
> It could be that the server itself is infected and scans other servers
> (or it could be a sysadmin trying to test his/her server misstyping an
> URL/Ip address ;-)
>
> Ralf
You're right. I saw the 1.3.26 bit but you didn't describe a 400 Illegal
Request error, so it's not the same thing. They might have changes
something else as well, but it probably would have turned up already.
--
Andrew
More information about the LUG
mailing list