Mike Horwath has a current posting in Usenet's mn.general on this problem. Turns out, GETs with "?" in them lock up the router (as I recall). Florin Iucha wrote: > > On Thu, Jul 19, 2001 at 11:37:13PM +0200, Thomas Eibner wrote: > > On Thu, Jul 19, 2001 at 05:28:52PM -0400, Dan Drake wrote: > > > On Thu, Jul 19, 2001 at 11:23:27PM +0200, Thomas Eibner wrote: > > > > On Thu, Jul 19, 2001 at 09:16:42PM +0000, kblack at isd.net wrote: > > > > > Is anybody else running a firewall > > > > > (and blocking port 80) > > > > > noticing an unusual number of attacks today? > > > > > > Hmmmm. I'm seeing a lot of weird requests for "default.ida" in my logs > > > (I'm running a web server and not blocking port 80). The accesses look > > > weird, too...from a bunch of different IPs. I also have "Malformed HTTP > > > header" (or something like that) in my error log. > > > > 211.236.188.150 - - [19/Jul/2001:23:04:43 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 333 "-" "-" > > ip44-137.asiaonline.net - - [19/Jul/2001:23:12:21 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 333 "-" "-" > > 212.113.168.95 - - [19/Jul/2001:23:32:21 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 333 "-" "-" > > > > Like these I take it? > > > > The same here from these guys... > > 213.26.234.70 > 209.223.50.51 > 207.101.212.130 > 212.163.165.26 > 65.3.198.239 > 198.145.154.193 > 211.62.36.37 > 211.172.225.63 > 202.123.80.2 > 150.164.98.130 > 24.184.153.172 > 133.66.35.7 > 62.49.221.130 > 210.160.177.165 > 12.76.115.253 > 149.169.25.4 > 193.183.19.90 > 66.46.75.98 > > florin > > -- > > "If it's not broken, is because you are not fixing it enough." > > 41A9 2BDE 8E11 F1C5 87A6 03EE 34B3 E075 3B90 DFE4 > _______________________________________________ > tclug-list mailing list > tclug-list at mn-linux.org > https://mailman.mn-linux.org/mailman/listinfo/tclug-list >