Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NNNNNNNNNNNNNNNNNNNNNN??????

Status
Not open for further replies.
Cadwalader

Cadwalader

IS-IT--Management
Feb 12, 2002
297
US
In my access log, I have been seeing something like 216.103.71.216 - - [12/Aug/2002:23:41:00 -0400] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 322 I know it's a buffer overflow attack, I got the hotfix for IIS and IIS is actually disabled. Is there anyway to stop these attacks??? HELP?!?!
Thanks...
 
Sort by date Sort by votes
The only way to stop the attacks is to see who owns that IP and contact the abuse department of the owner. It's then up to them to disable that server sending those attacks. //Daniel
 
Upvote 0 Downvote
If you have a firewall, you can also lock that IP address out of your network. ______________________________________________________________________
TANSTAAFL!
 
Upvote 0 Downvote
This is yet another IIS attack. It won't affect your apache system, so you only have to worry about it filling up your logs...

Learning to ignore IIS attacks is part of the joy of being an apache admin.
 
Upvote 0 Downvote
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top