Odd HTTP queries ("Invalid method in request") seen as of 16/Oct/2007:22:25:27 -0700

• Previous message: Reminder: Tomorrow: BayLISA Monitoring SIG (Weds Oct 10, 7PM)
• Next message: Odd HTTP queries ("Invalid method in request") seen as of 16/Oct/2007:22:25:27 -0700
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm seeing some rather peculiar-looking thing in my Apache logs:

65.55.209.221 - - [16/Oct/2007:21:43:52 -0700] "GET /~david/FreeBSD/pccard/ HTTP/1.0" 200 529 "-" "msnbot/1.0 (+http://search.msn.com/msnbot.htm)"
71.158.175.242 - - [16/Oct/2007:22:25:27 -0700] "" 501 - "-" "-"
71.193.127.74 - - [16/Oct/2007:22:26:12 -0700] "" 501 - "-" "-"
76.21.135.124 - - [16/Oct/2007:22:26:41 -0700] "" 501 - "-" "-"
... many -- maybe hundreds -- more of the last few, from a variety of
  addresses: probably at least one botnet,  I'd guess...
222.114.43.32 - - [16/Oct/2007:23:14:47 -0700] "" 501 - "-" "-"
124.28.48.99 - - [16/Oct/2007:23:14:47 -0700] "" 501 - "-" "-"
85.155.21.249 - - [16/Oct/2007:23:14:57 -0700] "" 501 - "-" "-"
87.12.2.203 - - [16/Oct/2007:23:14:57 -0700] "GET /~david/FreeBSD/laptop.html HTTP/1.1" 200 15424 "-" "Opera/9.23 (Windows NT 5.0; U; en)"
82.253.23.91 - - [16/Oct/2007:23:14:59 -0700] "" 501 - "-" "-"
87.12.2.203 - - [16/Oct/2007:23:15:01 -0700] "GET /favicon.ico HTTP/1.1" 404 292 "http://www.catwhisker.org/~david/FreeBSD/laptop.html" "Opera/9.23 (Windows NT 5.0; U; en)"
86.107.63.71 - - [16/Oct/2007:23:15:11 -0700] "" 501 - "-" "-"
85.155.21.249 - - [16/Oct/2007:23:15:13 -0700] "" 501 - "-" "-"

The error log entries corresponding to the "peculiar" ones each look like:

[Tue Oct 16 22:25:27 2007] [error] [client 71.158.175.242] Invalid method in request 
[Tue Oct 16 22:26:12 2007] [error] [client 71.193.127.74] Invalid method in request 
[Tue Oct 16 22:26:41 2007] [error] [client 76.21.135.124] Invalid method in request 

It's not as if my Web server (sitting at the end of a residential DSL
with a  static /32) has high visibility or anything....

Is there a (pointer to a) recommended course of action?

Any clue what the perps are up to?

Thanks.

Peace,
david
-- 
David H. Wolfskill				david at catwhisker.org
Proprietary data formats obfuscate, rather than disseminate, information.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://www.baylisa.org/pipermail/baylisa/attachments/20071017/04cc5948/attachment.bin>

• Previous message: Reminder: Tomorrow: BayLISA Monitoring SIG (Weds Oct 10, 7PM)
• Next message: Odd HTTP queries ("Invalid method in request") seen as of 16/Oct/2007:22:25:27 -0700
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]