[Snort-users] (no subject)

Larry Wichman larrywichman at ...131...
Mon Sep 12 12:48:29 EDT 2005


hello all- 
I am seeing several URL requests from one IP address (China) with the URL over and over 
 
http://whateva.mydomain.comhttp://whateva.mydomain.comhttphttp://whateva.mydomain.com
httphttp://whateva.mydomain.comhttphttp://whateva.mydomain.comhttphttp://whateva.mydomain.
comhttphttp://whateva.mydomain.comhttphttp://whateva.mydomain.comhttphttp://whateva.mydomain.comhttp
http://whateva.mydomain.comhttphttp://whateva.mydomain.comhttphttp://whateva.mydomain.comhttp
 
This has triggered the following signature; WEB-MISC Invalid HTTP Version String 
 
I read the description of the signature and it does not appear as though I am vulnerable to the exploit that is discussed. However, I am a bit concerned with the amount of requests (thousands). Does anyone have any ideas as to what type of exploit this could be?
 
Larry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050912/5519218b/attachment.html>


More information about the Snort-users mailing list