this post was submitted on 24 Apr 2024
1 points (100.0% liked)

Security Operations

570 readers
1 users here now

A place for all things Cyber Security, from questions, rants, and stories, to the latest attacks, vulnerabilities, and zero days.

founded 1 year ago
MODERATORS
 

The NGINX access.log of my VPS is showing a curiosity.

Instead of a simple request like this...

"GET / HTTP/1.1"

...regular requests are coming in that look like this

"\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"

Is this some kind of hack attempt?

Here's an example of a full line from the log...

15.204.204.182 - - [24/Apr/2024:15:59:47 +0000] "\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00" 400 166 "-" "-"

EDIT: For what it might be worth, most of these requests come in singularly, from different IP addresses. Once (that I've noticed) repeated attempts came in quickly from one specific IP.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here