Security Incidents: Re: Unusual entry in Apache logs

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Unusual entry in Apache logs

From: krymson () gmail com
Date: 30 May 2008 13:46:42 -0000

Probably a socks proxy scan.


<- snip ->
I have of late seen a few entries such as this ...

125.224.192.192 - - [29/May/2008:09:15:34 -0500] "\x05\x01" 501 3100 "-" "-"

... in my Apache webserver logs. They are the only entry in
the log for the particular source IP; that is, they don't
represent an anomaly in an otherwise normal session. Such
entries record the only contact made by the source IP.

GOOGLE hasn't told me anything interesting; does anyone know
what this is?

Many thanks for any ideas.

Best regards,

Neil Dickey, Ph.D.
email: neil (at) geol.niu (dot) edu [email concealed]
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois, U.S.A.
60115

By Date By Thread

Current thread:

Re: Unusual entry in Apache logs, (continued)
- Re: Unusual entry in Apache logs Jonathan Adams (May 30)
  - Re: Unusual entry in Apache logs Jonathan Adams (May 30)
- Re: Unusual entry in Apache logs Kosala Atapattu (May 30)
- Re: Unusual entry in Apache logs Rob Thomas (May 30)
  - Re: Unusual entry in Apache logs Kevin Day (May 30)
- Re: Unusual entry in Apache logs krymson (May 30)
- Re: Unusual entry in Apache logs Neil Dickey (May 30)