linux

Why a bunch of requests with status 400?

I observe suspicious activity in the log of the web server (nginx): one of the inputs is flooded with rather high frequency (several requests per second) incomprehensible requests, which the server swears with a 400 error (bad request). The suspicious thing about the requests is that they come from a huge number of IPs in a very large number (however, not enough to consider this a DDoS). IP-shniks from completely random countries of the world. There is even IPv6 traffic. Judging by the whois, IP-shniks are mainly provider-based, with a total of almost 7 thousand of them.

79.90.117.95 - - [05/Nov/2012:22:28:35 +0100] jsmart.web.id "-" 400 0 "-" "-" "-" 71.173.86.173 - - [05/Nov/2012:22:28:36 +0100] jsmart.web.id "-" 400 0 "-" "-" "-" 71.173.86.173 - - [05/Nov/2012:22:28:36 +0100] jsmart.web.id "-" 400 0 "-" "-" "-" 89.14.108.68 - - [05/Nov/2012:22:28:36 +0100] jsmart.web.id "-" 400 0 "-" "-" "-" 89.14.108.68 - - [05/Nov/2012:22:28:36 +0100] jsmart.web.id "-" 400 0 "-" "-" "-" 89.14.108.68 - - [05/Nov/2012:22:28:36 +0100] jsmart.web.id "-" 400 0 "-" "-" "-"