[Dshield] Curious outbound firewall log entry

Johannes Ullrich jullrich at euclidian.com
Sat Mar 15 03:14:23 GMT 2003

On Fri, 14 Mar 2003 20:12:34 -0500
"Dale Sampson" <dalejsampson at ameritech.net> wrote:

> Linksys firewall log showed the following outbound entry today:
> 3/14/2003 11:10:16.936
> Source:
> Dest: 

There is a web server running on that port at this IP. So I assume its
a web bug.

nc 1001
GET / HTTP/1.0 *

HTTP/1.1 400 Bad Request
Date: Sat, 15 Mar 2003 03:25:52 GMT
Server: Apache/1.3.27 (Unix)  (Red-Hat/Linux) mod_gzip/ mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26
Connection: close
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

<TITLE>400 Bad Request</TITLE>
<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
The request line contained invalid characters following the protocol string.<P>
<ADDRESS>Apache/1.3.27 Server at Port 80</ADDRESS>

jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org

More information about the list mailing list