Counts

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #154,887 by jbrabeck 5/12/04 4:33:06 PM Reply	Counts 1 x90 1066 x02 alternating with 1067 xb1 5985 x90 havent' a clue what it means. x02 == STX and xb1 = \ufffd otherwise clueless.
Post #154,889 by pwhysall 5/12/04 4:36:46 PM Reply	Initial thoughts 1. it's some kind of buffer overflow exploit. 2. That doesn't fly with me, because the majority of it (i.e. the stuff that'd get left on the stack) is 0x9, over and over again. 3. Someone's web browser/spider/wget/curl/thing broke and broke hard. 4. I'm making it up now. I don't really have a clue. Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #154,890 by jbrabeck 5/12/04 4:41:00 PM Reply	Not 0x9 by x90 not that is should matter then ended with 414 351 "-" "-"
Post #154,898 by folkert 5/12/04 5:17:50 PM Reply	I get those about every 10 minutes at my default webserver www.gregfolkert.net gets at least 6 of those an hour. Typically. I took a look, it is the more recent IIS or MSSQL Worm variants... or still another one of the old ones. And yes, it is trying to over-flow the folder traversal thinger or some such crap. Funny, it just falls off apache like water off a ducks back. -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ *i_wethey* Give a man a match, he'll be warm for a minute. Set him on fire, he'll be warm for the rest of his life!

WTF is this? - (pwhysall) - (4) - May 12, 2004, 04:05:41 PM EDT

Counts - (jbrabeck) - (3) - May 12, 2004, 04:33:06 PM EDT

Initial thoughts - (pwhysall) - (2) - May 12, 2004, 04:36:46 PM EDT

Not 0x9 by x90 not that is should matter - (jbrabeck) - May 12, 2004, 04:41:00 PM EDT

I get those about every 10 minutes at my default webserver - (folkert) - May 12, 2004, 05:17:50 PM EDT

Six harpies are singin' on the lee!
34 ms