Incidents
\x HTTP requests Nov 09 2006 03:51PM
Maxime Ducharme (mducharme cybergeneration com) (4 replies)
Re: \x HTTP requests Nov 10 2006 03:01PM
Richard Sammet (richard sammet googlemail com)
RE: \x HTTP requests Nov 09 2006 09:56PM
Maxime Ducharme (mducharme cybergeneration com)
RE: \x HTTP requests Nov 09 2006 09:03PM
ROPERT François (Francois ROPERT supinfo com)
Hi Maxime,

What's the state of your Apache SSL configuration?
Not necessarily a hack activity attempt if you forget to add a
<IfDefine SSL> Listen 443</IfDefine> and in vhost part in your Apache configuration file.

Cheers,

SUPINFO

SLA - SUPINFO Laboratories
Cisco Lab.
Ecole Supérieure d'Informatique
Paris Academy Of Computer Science
23, rue Château Landon
F-75010 Paris - France François Ropert
Cisco Lab. Coordinator
Tel: +33 (0) 1 53359700
Fax: +33 (0) 1 53359701 http://www.supinfo.com
http://www.labo-cisco.com

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On behalf of Maxime Ducharme
Sent: Thursday, November 9, 2006 16:51
To: incidents (at) securityfocus (dot) com [email concealed]
Subject: \x HTTP requests

Hello list

I see these HTTP requests and I'm looking for more information:

...
x.x.x.1 - - [06/Nov/2006:17:33:23 -0500] "\x16\x03" 200 8 "-" "-"
x.x.x.2 - - [07/Nov/2006:16:26:21 -0500] "\x80m\x01\x03\x01" 200 8 "-" "-"
x.x.x.2 - - [07/Nov/2006:16:26:21 -0500] "\x80m\x01\x03" 200 8 "-" "-"
x.x.x.3 - - [08/Nov/2006:05:06:21 -0500] "\x80|\x01\x03\x01" 200 8 "-" "-"

Would it be someone attempting to send https requests on my port 80?

Any clue would be appreciated

Have a nice day

Maxime Ducharme

[ reply ]
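An added example, not part of the thread: a small Python triage script that decodes the escaped request fields from the log lines quoted above and reports which ones begin like an SSL/TLS hello rather than an HTTP request line. The function names and the fifth log line are assumptions made for this example.

```python
import re

# The four log lines quoted in the post, plus one constructed ordinary
# request (last line) for contrast.
SAMPLE_LOG = r'''x.x.x.1 - - [06/Nov/2006:17:33:23 -0500] "\x16\x03" 200 8 "-" "-"
x.x.x.2 - - [07/Nov/2006:16:26:21 -0500] "\x80m\x01\x03\x01" 200 8 "-" "-"
x.x.x.2 - - [07/Nov/2006:16:26:21 -0500] "\x80m\x01\x03" 200 8 "-" "-"
x.x.x.3 - - [08/Nov/2006:05:06:21 -0500] "\x80|\x01\x03\x01" 200 8 "-" "-"
x.x.x.4 - - [08/Nov/2006:05:07:02 -0500] "GET /index.html HTTP/1.1" 200 512 "-" "-"
'''

# client, timestamp, quoted request field (may contain \-escapes), status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "((?:[^"\\]|\\.)*)" (\d{3}) ')

def unescape(field):
    """Turn the \\xHH escapes Apache writes for non-printable bytes into raw bytes."""
    text = re.sub(r'\\x([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), field)
    return text.encode('latin-1', 'replace')

def classify(raw):
    """Return a description if the request line starts like an SSL/TLS hello, else None."""
    # SSLv3/TLS record: content type 0x16 (handshake), then major version 3.
    if len(raw) >= 2 and raw[0] == 0x16 and raw[1] == 0x03:
        return 'TLS/SSLv3 handshake record'
    # SSLv2-format hello: 2-byte header with the high bit set and a 15-bit
    # length, then message type 0x01 (CLIENT-HELLO) and the offered version.
    if len(raw) >= 3 and raw[0] & 0x80 and raw[2] == 0x01:
        length = ((raw[0] & 0x7F) << 8) | raw[1]
        version = '%d.%d' % (raw[3], raw[4]) if len(raw) >= 5 else 'cut off'
        return 'SSLv2-format ClientHello, length %d, version %s' % (length, version)
    return None

def find_tls_on_http(log_text):
    """List (client, timestamp, description) for each log line that is an SSL/TLS hello."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        verdict = classify(unescape(m.group(3)))
        if verdict:
            hits.append((m.group(1), m.group(2), verdict))
    return hits

if __name__ == '__main__':
    for hit in find_tls_on_http(SAMPLE_LOG):
        print(*hit, sep='  ')
```

Version 3.1 in the output is TLS 1.0; the ordinary GET line is not reported.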
Re: \x HTTP requests Nov 09 2006 08:53PM
Thierry Zoller (Thierry Zoller lu)


 
