Unix/Linux Go Back    

Security Discuss UNIX and Linux computer and network security, cyber security, cyber attacks, IT security, and more.

What are these events (from Proxy access logs)?


Thread Tools Search this Thread Display Modes
Old Unix and Linux 09-16-2016   -   Original Discussion by STOIE
STOIE's Unix or Linux Image
STOIE STOIE is offline
Registered User
Join Date: Jun 2009
Last Activity: 16 September 2016, 4:20 AM EDT
Location: Canberra, Australia
Posts: 45
Thanks: 1
Thanked 0 Times in 0 Posts
What are these events (from Proxy access logs)?

Hi all,

I'm trying to identify what this is in my proxy access logs:


Followed by thousands of:


Obviously the actual IP is omitted (pub internet address).

Your help would make my day!

Thanks all
Sponsored Links
Old Unix and Linux 03-14-2017   -   Original Discussion by STOIE
bashomatic's Unix or Linux Image
bashomatic bashomatic is offline
Registered User
Join Date: Mar 2017
Last Activity: 15 March 2017, 5:11 AM EDT
Location: Northern Hemiss FEAR
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Correct me if I'm wrong but I'm thinking that those URLs do not contain the IP addresses of hosts accessing your proxy, but rather they are outbound POST requests FROM your 'clients' TO remote destinations.

This portion of the 2nd type URL you provided is typical of a 'folder' with a randomly generated name.


Folders like that are often used for legit purposes but those URLs also resemble a Slow Lorris attack. In that sort of scenario, the path and resource are arbitrary and likely don't exist. The objective is to flood the server with a bunch of requests that won't time-out, because the very end of the request header is crafted so it is purposely missing the full 0d 0a 0d 0a that the server expects.

Not really enough evidence to determine from your post.

EDIT: My first post on this forum and unfortunately, I NECROed. Sorry all..... Linux

Last edited by bashomatic; 03-14-2017 at 05:14 PM.. Reason: Apologized for thread necro.
Sponsored Links
Old Unix and Linux 03-15-2017   -   Original Discussion by STOIE
Corona688's Unix or Linux Image
Corona688 Corona688 is offline Forum Staff  
Mead Rotor
Join Date: Aug 2005
Last Activity: 18 May 2018, 2:59 PM EDT
Location: Saskatchewan
Posts: 22,673
Thanks: 1,177
Thanked 4,321 Times in 3,984 Posts
This forum closes old threads automatically, that you were able to post in it means it wasn't old enough to be considered a necropost yet.
Sponsored Links

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Logs access in windows fetching the data from a unix server alvida Shell Programming and Scripting 1 07-16-2009 05:31 AM
Unable to access http site using wget through proxy memonks Shell Programming and Scripting 2 06-21-2009 01:32 AM
view access logs telenet whothought1 UNIX for Dummies Questions & Answers 2 02-02-2005 08:39 PM
proxy logs Jeremy Johnson UNIX for Advanced & Expert Users 1 08-04-2004 05:55 PM

All times are GMT -4. The time now is 04:03 AM.