Snort mailing list archives

(no subject)

From: Larry Wichman <larrywichman () yahoo com>
Date: Mon, 12 Sep 2005 12:46:57 -0700 (PDT)

hello all- 
I am seeing several URL requests from one IP address (China) with the URL over and over 
 
http://whateva.mydomain.comhttp://whateva.mydomain.comhttphttp://whateva.mydomain.com
httphttp://whateva.mydomain.comhttphttp://whateva.mydomain.comhttphttp://whateva.mydomain.
comhttphttp://whateva.mydomain.comhttphttp://whateva.mydomain.comhttphttp://whateva.mydomain.comhttp
http://whateva.mydomain.comhttphttp://whateva.mydomain.comhttphttp://whateva.mydomain.comhttp
 
This has triggered the following signature; WEB-MISC Invalid HTTP Version String 
 
I read the description of the signature and it does not appear as though I am vulnerable to the exploit that is 
discussed. However, I am a bit concerned with the amount of requests (thousands). Does anyone have any ideas as to what 
type of exploit this could be?
 
Larry

Current thread:

RE: (no subject), (continued)
- - RE: (no subject) Jeff Dell (Aug 01)
    - Re: (no subject) Jason Benway (Aug 01)
  - Re: (no subject) Jason Brvenik (Aug 01)
    - Re: (no subject) Jason Benway (Aug 01)
    - Re: (no subject) Jason Brvenik (Aug 01)
    - Re: (no subject) Jason Benway (Aug 01)
- RE: (no subject) Joshua Berry (Aug 01)
- (no subject) T.C. (Sep 02)
  - RE: (no subject) Paul Melson (Sep 02)
  - RE: (no subject) Patrick Harper (Sep 02)
- (no subject) Larry Wichman (Sep 12)