Odd log messages
Nick Mathewson
nickm at freehaven.net
Mon Dec 12 01:16:59 UTC 2005
On Sun, Dec 11, 2005 at 07:04:08PM -0500, Void Beast wrote:
> **-----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> I keep getting this log message repeated about every 2 hours:
>
> Dec 11 17:30:22.339 [warn] headerlen 65623 larger than 49999. Failing.
> Dec 11 17:30:22.370 [warn] Invalid input from address '69.223.141.207'.
> Closing.
>
> Perhaps a crawler of some sort has latched on to my port 80 thinking it is
> a webserver?
> I dunno... Any ideas?
That's one likeliest explanation. Tor uses HTTP to serve directory
information, but (we think) it never sends a HTTP request bigger than
49999 bytes long. So when it sees a very long HTTP request, it
rejects it.
That's quite a long request, though! Possibly somebody is sending
malformed HTTP, or some compromised machine is trying out exploits.
Hard to say.
yrs,
--
Nick Mathewson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 652 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20051211/69c2bc40/attachment.pgp>
More information about the tor-talk
mailing list