Opened 15 years ago
Closed 15 years ago
#965 closed bug (Fixed)
Weird connections to 127.61.247.219:80
Reported by: | jankratochvil | Owned by: | andar |
---|---|---|---|
Priority: | critical | Milestone: | |
Component: | Core | Version: | other (please specify) |
Keywords: | | Cc: | |
Description
Started getting these weird local httpd requests:
127.61.247.219 - - [20/Jun/2009:16:22:11 +0200] "E\xfb?\x7f{\xea\x11\x9b:\xde\x1e\xe1\xd7-\xb0\xb7\x9a>,\x1c\xee\xe0\x8f\xdeF\xa2\xef\t" 403 - "-" "-"
127.61.247.219 - - [20/Jun/2009:16:24:27 +0200] "l\xb2,\xdf\xe0\xc0\v\x1f\xf0\x0e\xe3" 400 356 "-" "-"
127.61.247.219 - - [20/Jun/2009:16:26:58 +0200] "\xbe" 403 - "-" "-"
127.61.247.219 - - [20/Jun/2009:16:29:17 +0200] "a2\xb7\x9d/_+\xd1_\x9b\x9e\b\x7f\x15#B)V\x05\xc2\xc1w\xfdVJ\x99\xf7p07\xa9\xb7" 403 - "-" "-"
127.61.247.219 - - [20/Jun/2009:16:31:38 +0200] "w\x95jA\x1ay\x14\x95\xc79#\xbe\xe8\xcf\xd6b\x13\xa5\xa9\x9a\xd8\xe6\x8a\x96\xa1\x1c\xbb\xfd\x8c\x9b\xe3\xf9\xef\xea\xbe\xe1B\xdfw\xeb\x14u/|\xc2\xf3\xf7`\x953\xd7\x80+\xcf\x15S*U\tT\xe9\xf4\xec\x16\x16m$\x0f\xb3\x1b\xf6>\x83\b\xdf[\xb5\x0e\x8b\x94\xbd)k\xa5\x95w\xd5\x19)\xe3\xda\xb1Ol\xc3*R(\x18NV\x17\x9fM@\x03*." 400 356 "-" "-"
127.61.247.219 - - [20/Jun/2009:16:34:05 +0200] "\x93\xc7\xd54~x" 403 - "-" "-"
127.61.247.219 - - [20/Jun/2009:16:49:52 +0200] "\xd9\x8c6\xfd\xcc\xea!X/\xe5\xc0F\x7f5\x11U\xb0\x15\xe5\xab\xbd\xc84\xfc\x12\xcb\xfe\xad\xb06\xd3\xf4{\xd6$N\xeb\xf9\xb1\xdd\xe0\xb0c\x96\xf0\xb4\xf0\x96\xd0[j\x1b" 403 - "-" "-"
127.61.247.219 - - [20/Jun/2009:17:05:34 +0200] "J" 403 - "-" "-"
127.61.247.219 - - [20/Jun/2009:17:19:42 +0200] "V\x12K)\xe1\x19\x7f\xa2\xf5HE\x9d\xce\xd6\xb7\xad\x0c@Y3~\x8a\xd4\x10s+\xd8<H\vI\x92" 400 451 "-" "-"
It came from deluge:
tcp 0 0 127.61.247.219:80 127.61.247.219:47918 SYN_RECV -
tcp 0 0 127.61.247.219:47918 127.61.247.219:80 ESTABLISHED 3529/python
tcp 0 0 127.61.247.219:80 127.61.247.219:47918 SYN_RECV -
tcp 0 0 127.61.247.219:47918 127.61.247.219:80 ESTABLISHED 3529/python
tcp 0 0 ::ffff:127.61.247.219:80 ::ffff:127.61.247.219:47918 ESTABLISHED -
tcp 0 0 127.61.247.219:47918 127.61.247.219:80 ESTABLISHED 3529/python
tcp 0 0 127.61.247.219:47918 127.61.247.219:80 TIME_WAIT -
tcp 0 0 ::ffff:127.61.247.219:80 ::ffff:127.61.247.219:59375 ESTABLISHED -
tcp 0 0 127.61.247.219:59375 127.61.247.219:80 ESTABLISHED 3529/python
tcp 0 0 127.61.247.219:59375 127.61.247.219:80 TIME_WAIT -
(PID 3529 was the deluge client, not deluged.)
deluge-1.1.9-1.fc11.noarch
rb_libtorrent-0.14.3-2.fc11.x86_64
python-2.6-9.fc11.x86_64
Could this be some security exploit attempt? Machines are not protected from attacks from a localhost IP.
I was serving just these torrents from http://fedoraproject.org/:
Fedora-11-i386-DVD.torrent
Fedora-11-i686-Live.torrent
Fedora-11-x86_64-DVD.torrent
Fedora-11-x86_64-Live.torrent
Cannot reproduce this. Does it still happen with the latest 1.2 RC? Please re-open if still applicable.
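One way to triage access-log entries like the ones in the description, as an added example that is not part of the original ticket or of Deluge's code: it flags requests whose client address falls in 127.0.0.0/8 (including the IPv4-mapped IPv6 form seen in the netstat output) and whose request line is not a well-formed HTTP request. The function name and the last two sample lines are constructed for illustration.

```python
import ipaddress
import re

# Apache common/combined log prefix: client ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+)'
)
# Well-formed HTTP/1.x request line: METHOD SP target SP HTTP/x.y
HTTP_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def suspicious_loopback_requests(lines):
    """Return (time, client, status, request) for loopback-sourced non-HTTP requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        try:
            client = ipaddress.ip_address(m["client"])
        except ValueError:
            continue  # a hostname was logged instead of an address
        # Normalise ::ffff:127.x.y.z to its IPv4 form before the range check
        if client.version == 6 and client.ipv4_mapped:
            client = client.ipv4_mapped
        if client.version == 4 and client in LOOPBACK and not HTTP_RE.match(m["request"]):
            hits.append((m["time"], str(client), int(m["status"]), m["request"]))
    return hits


# First two lines are from the ticket; the last two are constructed controls.
SAMPLE = [
    r'127.61.247.219 - - [20/Jun/2009:16:26:58 +0200] "\xbe" 403 - "-" "-"',
    r'127.61.247.219 - - [20/Jun/2009:16:34:05 +0200] "\x93\xc7\xd54~x" 403 - "-" "-"',
    r'127.0.0.1 - - [20/Jun/2009:16:35:00 +0200] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
    r'192.0.2.7 - - [20/Jun/2009:16:36:00 +0200] "\x16\x03\x01" 400 356 "-" "-"',
]

if __name__ == "__main__":
    for when, client, status, request in suspicious_loopback_requests(SAMPLE):
        print(f"{when}  {client}  {status}  {request}")
```

Pairing each flagged timestamp with `netstat -tnp` output, as the reporter did, identifies the local process that opened the connection.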