👤
Home Man
Search
Today's Posts
Register

Discuss UNIX and Linux computer and network security, cyber security, cyber attacks, IT security, and more.

What are these events (from Proxy access logs)?

👤 Login to reply

 
Thread Tools Search this Thread
# 1  
Old 09-16-2016
What are these events (from Proxy access logs)?

Hi all,

I'm trying to identify what this is in my proxy access logs:

Code:
POST http://123.123.123.123/open/1

Followed by thousands of:

Code:
POST http://123.123.123.123/IVmYwvJKhJFesFjK/1001
POST http://123.123.123.123/IVmYwvJKhJFesFjK/1002
POST http://123.123.123.123/IVmYwvJKhJFesFjK/1003

Obviously the actual IP is omitted (pub internet address).

Your help would make my day!

Thanks all
# 2  
Old 03-14-2017
Correct me if I'm wrong but I'm thinking that those URLs do not contain the IP addresses of hosts accessing your proxy, but rather they are outbound POST requests FROM your 'clients' TO remote destinations.


This portion of the 2nd type URL you provided is typical of a 'folder' with a randomly generated name.
Code:
/IVmYwvJKhJFesFjK/

Folders like that are often used for legit purposes but those URLs also resemble a Slow Lorris attack. In that sort of scenario, the path and resource are arbitrary and likely don't exist. The objective is to flood the server with a bunch of requests that won't time-out, because the very end of the request header is crafted so it is purposely missing the full 0d 0a 0d 0a that the server expects.

Not really enough evidence to determine from your post.

EDIT: My first post on this forum and unfortunately, I NECROed. Sorry all.....

Last edited by bashomatic; 03-14-2017 at 05:14 PM.. Reason: Apologized for thread necro.
# 3  
Old 03-15-2017
This forum closes old threads automatically, that you were able to post in it means it wasn't old enough to be considered a necropost yet.
👤 Login to reply

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Connecting via proxy chain to Upstream proxy Russel IP Networking 0 07-01-2015 09:17 PM
shell script to grep 500 error messages from access logs coolguyamy Shell Programming and Scripting 1 12-22-2010 06:37 AM
Logs access in windows fetching the data from a unix server alvida Shell Programming and Scripting 1 07-16-2009 05:31 AM
Unable to access http site using wget through proxy memonks Shell Programming and Scripting 2 06-21-2009 01:32 AM
Software/tool to route an IP packet to proxy server and capture the Proxy reply as an Rajesh_BK IP Networking 0 02-19-2009 01:32 AM
view access logs telenet whothought1 UNIX for Dummies Questions & Answers 2 02-02-2005 08:39 PM
proxy logs Jeremy Johnson UNIX for Advanced & Expert Users 1 08-04-2004 05:55 PM


All times are GMT -4. The time now is 05:28 AM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
×
UNIX.COM Login
Username:
Password:  
Show Password





Not a Forum Member?
Forgot Password?