strange log entries


thatflyersfanguy

5:38 am on Feb 17, 2003 (gmt 0)


Second time I have seen these in my logs...

218.19.142.36 - - [16/Feb/2003:15:11:47 -0500] "\x04\x01" 200 12288 "-" "-"
218.19.142.36 - - [16/Feb/2003:15:12:08 -0500] "\x05\x01" 200 12288 "-" "-"
218.19.142.36 - - [16/Feb/2003:15:12:08 -0500] "CONNECT 202.106.185.77:80 HTTP/1.1" 200 12119 "-" "-"

I searched and couldn't find any info about these.
Any ideas?

thanks

jpjones

11:26 am on Feb 17, 2003 (gmt 0)


I'm not sure what the first two requests are - they just look like standard ASCII code requests.

The third could be a standard connection attempt by someone using telnet, seeing exactly what your server returns. It may also be someone who is trying to use your server as a proxy, and is trying to connect to another server through yours. The request for another IP address is odd too.

Initial thoughts are that it could be a script kiddie, or someone running a general port scanner? This is something which happens to lots of servers every day. I'd suggest keeping an eye on the logs. If it's not happening often, then it probably isn't anything to be too concerned about. I see lots of similar occurrences in the logs - spanning every IP address that my servers are on - which indicates it's just someone doing a scan to see what's there.

When did you first see these attempts?

JP

thatflyersfanguy

2:35 pm on Feb 17, 2003 (gmt 0)


64.228.44.87 - - [05/Feb/2003:08:51:46 -0500] "\x04\x01" 200 9068 "-" "-"
64.228.44.87 - - [05/Feb/2003:08:52:07 -0500] "\x05\x01" 200 9044 "-" "-"
64.228.44.87 - - [05/Feb/2003:08:52:07 -0500] "CONNECT 64.157.4.84:25 HTTP/1.1" 200 12119 "-" "-"

That was the first one, 11 days ago.

Does one of the quoted dashes, "-", represent the http_user_agent?
If so, I could block that user_agent.

mgream

8:14 am on Feb 27, 2003 (gmt 0)


I am seeing these on a regular basis. It looks like a script probing for vulnerability and for an open proxy.
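As an added example (not code from any poster in this thread), here is a small Python parser for Apache's Combined Log Format that picks out the pattern jpjones and mgream describe: "\x04\x01" and "\x05\x01" are the opening bytes of a SOCKS4 CONNECT and a SOCKS5 greeting, and together with an HTTP CONNECT from the same host they make up an open-proxy probe. The parser also labels the two trailing quoted fields, which in this format are the referer and the user agent; the sample log is constructed from the lines quoted above plus one ordinary GET, and the host 10.0.0.5 is made up.

```python
import re
from collections import defaultdict

# Apache Combined Log Format, as used by the lines quoted in the thread:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"$'
)

# Apache writes raw bytes as \xNN escapes. 0x04 0x01 is a SOCKS4 CONNECT
# (version 4, command 1); 0x05 0x01 is a SOCKS5 greeting (version 5, one
# auth method). Neither is HTTP, which is why the log shows no method or URL.
SOCKS_PROBES = {r"\x04\x01": "socks4", r"\x05\x01": "socks5"}
CONNECT_RE = re.compile(r"^CONNECT (?P<target>\S+) HTTP/")


def parse_line(line):
    """Split one combined-format line into named fields, or None if it does not parse."""
    m = COMBINED_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def find_proxy_probes(lines):
    """Map each client host to the proxy-style requests it sent, in log order.

    A host that sends socks4, socks5 and a CONNECT in quick succession is
    testing whether the web server will relay traffic for it.
    """
    findings = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        req = rec["request"]
        if req in SOCKS_PROBES:
            findings[rec["host"]].append(SOCKS_PROBES[req])
        else:
            m = CONNECT_RE.match(req)
            if m:
                findings[rec["host"]].append("connect:" + m.group("target"))
    return dict(findings)


# Constructed sample: the two triplets quoted in the thread plus one normal request.
SAMPLE_LOG = [
    r'218.19.142.36 - - [16/Feb/2003:15:11:47 -0500] "\x04\x01" 200 12288 "-" "-"',
    r'218.19.142.36 - - [16/Feb/2003:15:12:08 -0500] "\x05\x01" 200 12288 "-" "-"',
    r'218.19.142.36 - - [16/Feb/2003:15:12:08 -0500] "CONNECT 202.106.185.77:80 HTTP/1.1" 200 12119 "-" "-"',
    r'10.0.0.5 - - [16/Feb/2003:15:20:00 -0500] "GET /index.html HTTP/1.0" 200 1234 "-" "Mozilla/4.0"',
    r'64.228.44.87 - - [05/Feb/2003:08:51:46 -0500] "\x04\x01" 200 9068 "-" "-"',
    r'64.228.44.87 - - [05/Feb/2003:08:52:07 -0500] "\x05\x01" 200 9044 "-" "-"',
    r'64.228.44.87 - - [05/Feb/2003:08:52:07 -0500] "CONNECT 64.157.4.84:25 HTTP/1.1" 200 12119 "-" "-"',
]

if __name__ == "__main__":
    for host, reqs in find_proxy_probes(SAMPLE_LOG).items():
        print(host, reqs)
```

Because the probing clients send no User-Agent header at all, the user_agent field is the literal "-", so the pattern of the requests (SOCKS bytes followed by CONNECT) is a better thing to alert on than the agent string.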