I have an application (our Mirabel system) running on a server inside our firewall (so not visible to the open Internet).

 

I’ve recently started seeing messages like this in the log:

Access denied: ����.

Access denied: PRI * HTTP/2.0 SM .

 

Where the value reported can be quite varied, but is often unrenderable characters or other stuff. (In this case the characters are all \uFFFD).

The log messages all report the same IP address.

 

This server does not use named users, so there’s no authentication required to access it.

 

The IP address is not one of my own servers, so I don’t think it’s something generated by my own code.

 

Any idea what this might be? It’s started relatively recently, which makes me think it might be some sort of penetration test.

 

Cheers,

 

E.

LinkedIn | Twitter | YouTube | Facebook