Unusual & frequent web server request.
April 4, 2004 8:41 PM   Subscribe

I've been getting "/\x90\x02\xb1\x02\xb1\x02\xb1\"with the "/x90" repeated over and over again in my site's visitor logs and was wondering what it means.
posted by drezdn to Computers & Internet (4 answers total)
It's a WebDav exploit attempt, I believe. Feel free to ignore it if you're not running IIS.
posted by cmonkey at 8:47 PM on April 4, 2004

Someone is attempting to see if your system is susceptible to a particular buffer overflow.

In computer programs, memory space is allotted for variables defined in the program, and when user input is read into these variables without being checked, a buffer overflow may occur, and the attacker could be able to run arbitrary code on your system, if your system is vulnerable.

That long string of hexadecimal characters is called shellcode.

No cause for alarm, though.
posted by pemulis at 9:12 PM on April 4, 2004

Here's an MS Security Bulletin on the exploit:


posted by pemulis at 9:19 PM on April 4, 2004

Yeah, been seeing a lot of that too; More than is to be expected from usual background vulnerability-scanning. Does anybody know if perhaps there's a worm out there trying this?
posted by fvw at 10:36 PM on April 4, 2004

« Older Like David Eggers, only female.   |   Cleaning services Newer »
This thread is closed to new comments.