Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: strange apache log entry

strange apache log entry

From: <narga_at_gmx.net>
Date: Sat, 10 Aug 2002 18:50:15 +0200 (MEST)

Yesterday I saw this in my logs (apache 2.0.39 acces_log):
::1 - - [10/Aug/2002:00:25:56 +0200] "CONNECT :::2121 HTTP/1.1" 400 267
::1 - - [10/Aug/2002:00:33:31 +0200] "CONNECT :::2121 HTTP/1.1" 400 267

error_log:
[Sat Aug 10 00:25:56 2002] [error] [client ::1] request failed: error
reading the
headers
[Sat Aug 10 00:33:31 2002] [error] [client ::1] request failed: error
reading the
headers

It seems like someone wants to connect to my port 2121 through a proxy. The
strange
thing is, that there isn't any ip. My firewall (SuSEfirewall, an ipchains
based
firewall from suse), didn't log anything, snort didn't log anything too. I
wasn't
able to reproduce this by sending the request manually to port 80.

My question: is this a bug in apache, or what else happened? 

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

  • application/octet-stream attachment: _
Received on Aug 12 2002
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos