Hi Maxime,
What's the state of your Apache SSL configuration ?
Not necessarly a hack activity attempt if you forget to add a <IfDefine SSL>
Listen 443</IfDefine> and in vhost part in your apache configuration file.
Cheers,
SUPINFO
SLA - SUPINFO Laboratories
Cisco Lab.
Ecole Supérieure d'Informatique
Paris Academy Of Computer Science
23, rue Château Landon
F-75010 Paris - France François Ropert
Cisco Lab. Coordinator
Tel: +33 (0) 1 53359700
Fax: +33 (0) 1 53359701 http://www.supinfo.com
http://www.labo-cisco.com
-----Message d'origine-----
De : listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] De
la part de Maxime Ducharme
Envoyé : jeudi 9 novembre 2006 16:51
À : incidents@securityfocus.com
Objet : \x HTTP requests
Hello list
I see these HTTP request and I'm looking for more information :
...
x.x.x.1 - - [06/Nov/2006:17:33:23 -0500] "\x16\x03" 200 8 "-" "-"
x.x.x.2 - - [07/Nov/2006:16:26:21 -0500] "\x80m\x01\x03\x01" 200 8 "-" "-"
x.x.x.2 - - [07/Nov/2006:16:26:21 -0500] "\x80m\x01\x03" 200 8 "-" "-"
x.x.x.3 - - [08/Nov/2006:05:06:21 -0500] "\x80|\x01\x03\x01" 200 8 "-" "-"
Would it be someone attempting to send https request on my port 80 ?
Any clue would be appreciated
Have a nice day
Maxime Ducharme
----------------------------------------------------------------------------
--
This List Sponsored by: Black Hat
Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las
Vegas.
World renowned security experts reveal tomorrow's threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of
your
security environment. Featuring 36 hands-on training courses and 10
conference
tracks, networking opportunities with over 2,500 delegates from 40+ nations.
http://www.blackhat.com
----------------------------------------------------------------------------
--
---------------------------------
Ce message et toutes les pieces jointes (ci-apres dénommé le "message") sont
etablis a l'attention exclusive de ses destinataires et sont donc
confidentiels. Si toutefois vous recevez ce message par erreur, nous vous
remercions de bien vouloir le detruire et d'en avertir immediatement
l'expediteur au sein de l'Ecole Supérieure d'Informatique de Paris (ci-après
dénommée "SUPINFO"). Toute utilisation de ce message non conforme a sa
destination, toute diffusion ou toute publication, totale ou partielle, est
interdite, sauf autorisation expresse. Internet ne permettant pas d'assurer
l'integrite des messages e-mail en général et donc de ce message en
particulier, SUPINFO et ses filiales, sites régionaux, laboratoires ou autres
entités attachées, declinent toute responsabilite au titre du présent message
qui ne pourrait engager que son auteur et non SUPINFO et seulement dans
l'hypothese ou le message n'aurait pas ete modifie par quelque moyen que ce
soit.
---------------------------------
This message and any attachments (hereinafter referred to as the "message") is
intended solely for the addressees and is confidential. If you receive this
message in error, please delete it and immediately notify the sender at Paris
Academy of Computer Science (hereinafter referred to as "SUPINFO"). Any use not
in accord with its purpose, any dissemination or disclosure, either whole or
partial, is prohibited except formal approval. Because the internet can not
guarantee the integrity of this message, SUPINFO and its subsidiaries,
laboratories and regional branches will not therefore be liable for the message
that could only engage his author, not SUPINFO, and only if not modified.
---------------------------------
smime.p7s
Description: S/MIME cryptographic signature
