So I’m the server admin and web developer for my school’s robotics team. I look through the server’s access logs every once in a while just to check on things. I keep seeing requests that look like someone’s scanning for vulns. But I’m seeing something I’ve never seen before. It looks like someone is sending requests in machine code and I have no idea why or what it would do???

Here’s the request:

"\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x02\x00\x00\x00" 400 166 "-" "-"
  • JRaccoon@discuss.tchncs.de
    12 hours ago

    Probably just testing for some vulnerability. If you’re current on patches, you can just disregard as background noise. If it really happens a lot, setting up something like Fail2ban would be useful.

    Edit: A quick Google search suggests it looks like a Windows Remote Desktop packet header. So something scanning the internet for machines with open RDP.
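
Added example, not part of the original thread: a small Python decoder that checks whether a logged request like the one above is an RDP connection request (TPKT header, X.224 Connection Request, optional RDP negotiation request as laid out in MS-RDPBCGR). It assumes the web server writes non-printable bytes as `\xHH` escapes; the function names are made up for this example.

```python
import re
import struct

# The request string exactly as it appears in the access log line above.
LOGGED = r"\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x02\x00\x00\x00"

# requestedProtocols bits of the RDP Negotiation Request (MS-RDPBCGR)
PROTOCOLS = {0x1: "TLS", 0x2: "CredSSP/NLA", 0x4: "RDSTLS", 0x8: "CredSSP-EX"}


def unescape(logged: str) -> bytes:
    """Turn the log's \\xHH escapes back into the raw bytes that were sent."""
    return re.sub(rb"\\x([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]),
                  logged.encode("latin-1"))


def decode_rdp_probe(data: bytes):
    """Return a dict describing an RDP connection request, or None."""
    if len(data) < 11:
        return None
    # TPKT header: version, reserved, total length (big-endian)
    version, _reserved, tpkt_len = struct.unpack(">BBH", data[:4])
    length_indicator, pdu_type = data[4], data[5] & 0xF0
    # Must be TPKT v3 carrying an X.224 Connection Request (0xE0)
    if version != 3 or pdu_type != 0xE0:
        return None
    # Both length fields must agree with what was actually received
    if tpkt_len != len(data) or length_indicator != len(data) - 5:
        return None
    info = {"tpkt_length": tpkt_len, "x224": "connection-request",
            "cookie": None, "requested": None}
    body = data[11:]  # skip dst-ref (2), src-ref (2) and class byte (1)
    if b"\r\n" in body:  # optional "Cookie: mstshash=..." line
        cookie, body = body.split(b"\r\n", 1)
        info["cookie"] = cookie.decode("latin-1")
    if len(body) == 8 and body[0] == 0x01:  # RDP_NEG_REQ, little-endian
        _type, _flags, _length, proto = struct.unpack("<BBHI", body)
        names = [n for bit, n in PROTOCOLS.items() if proto & bit]
        info["requested"] = names or ["standard RDP security"]
    return info


if __name__ == "__main__":
    print(decode_rdp_probe(unescape(LOGGED)))
```

For the logged request both length fields match the 19 bytes received and the negotiation request asks for CredSSP (Network Level Authentication), which is what an RDP client or scanner sends as its first packet.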