[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Odd log messages

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Odd log messages
From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
Date: Sun, 11 Dec 2005 20:16:59 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Sun, 11 Dec 2005 20:17:05 -0500
In-reply-to: <439CBE78.5030203@gmail.com>
Mail-followup-to: Nick Mathewson <nickm@xxxxxxxxxxxxx>, or-talk@xxxxxxxxxxxxx
References: <439CBE78.5030203@gmail.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.4.2.1i

On Sun, Dec 11, 2005 at 07:04:08PM -0500, Void Beast wrote:
> **-----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> I keep getting this log message repeated about every 2 hours:
> 
> Dec 11 17:30:22.339 [warn] headerlen 65623 larger than 49999. Failing.
> Dec 11 17:30:22.370 [warn] Invalid input from address '69.223.141.207'.
> Closing.
> 
> Perhaps a crawler of some sort has latched on to my port 80 thinking it is
> a webserver?
> I dunno... Any ideas?

That's one likeliest explanation.  Tor uses HTTP to serve directory
information, but (we think) it never sends a HTTP request bigger than
49999 bytes long.  So when it sees a very long HTTP request, it
rejects it.

That's quite a long request, though! Possibly somebody is sending
malformed HTTP, or some compromised machine is trying out exploits.
Hard to say.

yrs,
-- 
Nick Mathewson

Attachment: pgpzr1LSwdpO7.pgp
Description: PGP signature

References:
- Odd log messages
  - From: Void Beast

Prev by Author: Re: [declan@well.com: [Politech] E.U. Parliament votes to force "data retention" on telecom, Net firms [priv]]
Next by Author: Re: [declan@well.com: [Politech] E.U. Parliament votes to force "data retention" on telecom, Net firms [priv]]
Previous by thread: Odd log messages
Next by thread: Concerning TorDNS problems
Index(es):
- Author
- Thread