Special Forums Cybersecurity What are these events (from Proxy access logs)? Post 302993820 by bashomatic on Tuesday 14th of March 2017 05:11:24 PM
Correct me if I'm wrong but I'm thinking that those URLs do not contain the IP addresses of hosts accessing your proxy, but rather they are outbound POST requests FROM your 'clients' TO remote destinations.

This portion of the 2nd type URL you provided is typical of a 'folder' with a randomly generated name.

Folders like that are often used for legit purposes but those URLs also resemble a Slow Lorris attack. In that sort of scenario, the path and resource are arbitrary and likely don't exist. The objective is to flood the server with a bunch of requests that won't time-out, because the very end of the request header is crafted so it is purposely missing the full 0d 0a 0d 0a that the server expects.

Not really enough evidence to determine from your post.

EDIT: My first post on this forum and unfortunately, I NECROed. Sorry all..... Smilie

Last edited by bashomatic; 03-14-2017 at 07:14 PM.. Reason: Apologized for thread necro.
Test Your Knowledge in Computers #49
Difficulty: Easy
A USB hard drive is considered to be a primary storage device for personal computers.
True or False?

7 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

proxy logs

Hi, I'm a newbie, and I wanted to know where I go to check proxy logs on an hp? Any help is nice. (1 Reply)
Discussion started by: Jeremy Johnson
1 Replies

2. UNIX for Dummies Questions & Answers

view access logs telenet

Hello one of my sites i host is doing somewhat well in the search engines, and i would like to watch the raw log files while looged in with telenet is there a way to do this. thanx Mike (2 Replies)
Discussion started by: whothought1
2 Replies

3. IP Networking

Software/tool to route an IP packet to proxy server and capture the Proxy reply as an

Hi, I am involved in a project on Debian. One of my requirement is to route an IP packet in my application to a proxy server and receive the reply from the proxy server as an IP packet. My application handles data at the IP frame level. My application creates an IP packet(with all the necessary... (0 Replies)
Discussion started by: Rajesh_BK
0 Replies

4. Shell Programming and Scripting

Unable to access http site using wget through proxy

Hi there I am currently trying to access an http site using the wget utility from a solaris box. I am going through proxies to do this and we have two types of proxies. For the first one, which is a netcache proxy, I am able to use the wget command to export the proxy information export... (2 Replies)
Discussion started by: memonks
2 Replies

5. Shell Programming and Scripting

Logs access in windows fetching the data from a unix server

How I can get the logs that are getting stored in specific location in unix server through an Apache web server installed in unix server? Requirement is to access the logs through the URL in windows browser without any access. (1 Reply)
Discussion started by: alvida
1 Replies

6. Shell Programming and Scripting

shell script to grep 500 error messages from access logs

Hello Team, I need help to improve my script which is used to grep 500 error messages in the logs. I am using following logic in the script to grep 500 error messages in the logs. var1=`awk '$9 == "500"' access_log | tail -1` The above logic is not useful if logs are not getting... (1 Reply)
Discussion started by: coolguyamy
1 Replies

7. IP Networking

Connecting via proxy chain to Upstream proxy

I need to configure a proxy on my local machine to use an upstream proxy (installed on another machine). The upstream proxy requires Digest/NTLM authorization. I want the local proxy to deal with the upstream proxy's authorization details and provides authorization free access to users that connect... (0 Replies)
Discussion started by: Russel
0 Replies
LWP-REQUEST(1)						User Contributed Perl Documentation					    LWP-REQUEST(1)

lwp-request, GET, HEAD, POST - Simple WWW user agent SYNOPSIS
lwp-request [-aeEdvhx] [-m method] [-b <base URL>] [-t <timeout>] [-i <if-modified-since>] [-c <content-type>] [-C <credentials>] [-p <proxy-url>] [-o <format>] <url>... DESCRIPTION
This program can be used to send requests to WWW servers and your local file system. The request content for POST and PUT methods is read from stdin. The content of the response is printed on stdout. Error messages are printed on stderr. The program returns a status value indicating the number of URLs that failed. The options are: -m <method> Set which method to use for the request. If this option is not used, then the method is derived from the name of the program. -f Force request through, even if the program believes that the method is illegal. The server might reject the request eventually. -b <uri> This URI will be used as the base URI for resolving all relative URIs given as argument. -t <timeout> Set the timeout value for the requests. The timeout is the amount of time that the program will wait for a response from the remote server before it fails. The default unit for the timeout value is seconds. You might append "m" or "h" to the timeout value to make it minutes or hours, respectively. The default timeout is '3m', i.e. 3 minutes. -i <time> Set the If-Modified-Since header in the request. If time it the name of a file, use the modification timestamp for this file. If time is not a file, it is parsed as a literal date. Take a look at HTTP::Date for recogniced formats. -c <content-type> Set the Content-Type for the request. This option is only allowed for requests that take a content, i.e. POST and PUT. You can force methods to take content by using the "-f" option together with "-c". The default Content-Type for POST is "applica- tion/x-www-form-urlencoded". The default Content-type for the others is "text/plain". -p <proxy-url> Set the proxy to be used for the requests. The program also loads proxy settings from the environment. You can disable this with the "-P" option. -H <header> Send this HTTP header with each request. You can specify several, e.g.: lwp-request -H 'Referer: http://other.url/' -H 'Host: somehost' http://this.url/ -C <username>:<password> Provide credentials for documents that are protected by Basic Authentication. If the document is protected and you did not specify the username and password with this option, then you will be prompted to provide these values. The following options controls what is displayed by the program: -u Print request method and absolute URL as requests are made. -U Print request headers in addition to request method and absolute URL. -s Print response status code. This option is always on for HEAD requests. -S Print response status chain. This shows redirect and autorization requests that are handled by the library. -e Print response headers. This option is always on for HEAD requests. -d Do not print the content of the response. -o <format> Process HTML content in various ways before printing it. If the content type of the response is not HTML, then this option has no effect. The legal format values are; text, ps, links, html and dump. If you specify the text format then the HTML will be formatted as plain latin1 text. If you specify the ps format then it will be for- matted as Postscript. The links format will output all links found in the HTML document. Relative links will be expanded to absolute ones. The html format will reformat the HTML code and the dump format will just dump the HTML syntax tree. -v Print the version number of the program and quit. -h Print usage message and quit. -x Extra debugging output. -a Set text(ascii) mode for content input and output. If this option is not used, content input and output is done in binary mode. Because this program is implemented using the LWP library, it will only support the protocols that LWP supports. SEE ALSO
lwp-mirror, LWP COPYRIGHT
Copyright 1995-1999 Gisle Aas. This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. AUTHOR
Gisle Aas <gisle@aas.no> libwww-perl-5.65 2002-01-02 LWP-REQUEST(1)

Featured Tech Videos

All times are GMT -4. The time now is 09:22 AM.
Unix & Linux Forums Content Copyright 1993-2020. All Rights Reserved.
Privacy Policy