Hey all...

I've got Apache 2.0.47 running on a Red Hat machine. I'm running a proxy on port 8080, and had the unpleasant experience about a year ago of leaving the proxy accessible to anyone and everyone, and sure enough I got on one of those 'free proxy lists' and had people from all over using my machine to surf the web.

I fixed it as soon as I figured out what was going on, and through DHCP have a different IP address than I did then, so I don't have that problem anymore...

This machine is relatively new, and sure enough I found the following entries in my Apache access log (with similar corresponding entries in the error log). I know they're probably doing scans of blocks of IP addresses looking for open proxies or other vulnerabilities, but my question is - what's the significance of the '\x04\x01' character codes?

I did a cursory Google search, looked at the characters in the character map program, ran nmap on the probing IP addresses, all the usual stuff. Google had a few entries on it, but no really in-depth answer.



200.63.130.158 - - [12/Nov/2003:12:46:50 -0500] "CONNECT 200.61.10.250:25 HTTP/1.0" 403 306
200.63.130.158 - - [12/Nov/2003:12:46:50 -0500] "\x04\x01" 501 311

168.226.149.131 - - [13/Nov/2003:10:48:19 -0500] "CONNECT 200.61.10.250:25 HTTP/1.0" 403 306
168.226.149.131 - - [13/Nov/2003:10:48:19 -0500] "\x04\x01" 501 311
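
An added example, not part of the original post: the bytes `\x04\x01` match the start of a SOCKS4 CONNECT request (version 4, command 1), so each pair of entries above is consistent with one client testing the same port as both an HTTP proxy and a SOCKS4 proxy. The sketch below flags such probes in an access log; the function names, the labels and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample in Apache common log format: first two lines are from the post, last two are constructed.
SAMPLE_LOG = r'''
200.63.130.158 - - [12/Nov/2003:12:46:50 -0500] "CONNECT 200.61.10.250:25 HTTP/1.0" 403 306
200.63.130.158 - - [12/Nov/2003:12:46:50 -0500] "\x04\x01" 501 311
192.0.2.10 - - [12/Nov/2003:12:47:02 -0500] "GET /index.html HTTP/1.1" 200 1043
192.0.2.77 - - [12/Nov/2003:12:48:11 -0500] "GET http://example.com/ HTTP/1.0" 403 298
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')

def classify(request):
    """Return a probe label for a logged request line, or None for ordinary traffic."""
    if request.startswith(r"\x04\x01"):
        return "socks4-connect"      # SOCKS4 header: version 4, command 1 (CONNECT)
    if request.startswith(r"\x"):
        return "non-http-binary"     # some other non-HTTP protocol sent to the web port
    parts = request.split()
    if len(parts) >= 2 and parts[0] == "CONNECT":
        return "http-connect"        # HTTP proxy tunnel request
    if len(parts) >= 2 and re.match(r"(?i)^[a-z][a-z0-9+.-]*://", parts[1]):
        return "absolute-uri-proxy"  # forward-proxy style request for another site
    return None

def find_probes(log_text):
    """Map source IP -> list of (timestamp, label, status) for proxy-probe requests."""
    probes = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ip, ts, request, status, _size = m.groups()
        label = classify(request)
        if label:
            probes[ip].append((ts, label, int(status)))
    return dict(probes)

def accepted(probes):
    """Source IPs whose probe got a 2xx, meaning the proxy may be open to them."""
    return sorted(ip for ip, hits in probes.items() if any(200 <= s < 300 for _, _, s in hits))

if __name__ == "__main__":
    found = find_probes(SAMPLE_LOG)
    for ip, hits in found.items():
        print(ip, hits)
    print("accepted:", accepted(found))
```

The 403 and 501 responses in the post mean both probes were refused; a 2xx status on any flagged line is the case worth investigating.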