[GLLUG] Apache2 access_log

STeve Andre' andres at msu.edu
Wed May 3 19:42:42 EDT 2006


On Wednesday 03 May 2006 19:36, Caleb Cushing wrote:
> what is this?
>
> 67.167.118.5 - - [03/May/2006:14:38:22 -0400] "SEARCH
> /\x90\xc9\xc9\xc9\xc9\xc9\
> xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9
>\xc9\.... ....90\x90\x90\x90\x90\x90\x90\x....
>
> those characters repeat for a long time.... why?

Heh.  That's shell code.  You are being hit by an exploit of some
kind, most likely for MS's IIS horror.

x90 is a NOP for i386.  Yup, definitely something designed to
slither into a system. ;-)

--STeve Andre'
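
The kind of entry discussed in this thread can be picked out of an access log automatically. The following is an added example, not part of the original message: it parses Apache access-log lines and flags requests whose path contains a long run of one repeated `\xhh`-escaped byte, such as the `\x90` and `\xc9` padding quoted above. The function name, the threshold of 16 and the sample log lines are assumptions constructed for illustration.

```python
import re

# Apache common/combined log: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)')
# One \xhh escape followed by zero or more repeats of the same escape
RUN_RE = re.compile(r'(\\x[0-9a-fA-F]{2})\1*')

def inspect_line(line, min_run=16):
    """Summarise escaped bytes in one log line; None if the line does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    host, when, request = m.group(1, 2, 3)
    method = request.split(" ", 1)[0]
    total, longest = 0, ("", 0)
    for run in RUN_RE.finditer(request):
        count = len(run.group(0)) // 4        # each escape is 4 characters
        total += count
        if count > longest[1]:
            longest = (run.group(1)[2:].lower(), count)
    return {
        "host": host,
        "time": when,
        "method": method,
        "escaped_bytes": total,
        "longest_run": longest,               # (hex byte, repeat count)
        "suspicious": longest[1] >= min_run,  # assumed threshold
    }

# Constructed sample lines (documentation addresses, made-up status and sizes)
ATTACK_LINE = ('192.0.2.10 - - [03/May/2006:14:38:22 -0400] "SEARCH /'
               + "\\x90" + "\\xc9" * 200 + "\\x90" * 100
               + ' HTTP/1.1" 414 339')
BENIGN_LINE = ('192.0.2.20 - - [03/May/2006:14:40:01 -0400] '
               '"GET /caf\\xc3\\xa9.html HTTP/1.1" 200 1043')

if __name__ == "__main__":
    for sample in (ATTACK_LINE, BENIGN_LINE):
        r = inspect_line(sample)
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(flag, r["host"], r["method"], r["escaped_bytes"], r["longest_run"])
```
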

