Security Incidents mailing list archives
Curious HTTP related probings.
From: scott () WHOI EDU (Scott A . McIntyre)
Date: Wed, 22 Mar 2000 09:19:59 -0500
For the past few months I've seen some curious web-related probes in the following pattern: Wed 03/22 14:06:00 tcp x.x.x.x.2140 > host.whoi.edu.80 Wed 03/22 14:06:46 tcp x.x.x.x.2196 > host.whoi.edu.8080 Wed 03/22 14:07:32 tcp x.x.x.x.2238 > host.whoi.edu.3128 It's always the same three ports, and I know what they typically represent, however, the destinations are often nodes within our network address space that don't exist and/or have never existed. The src address makes no other connection attempts to the box on our network, and there are no other attempts to contact that destination box, just this cluster of three pokes. I'm curious of anyone else has seen such patterns and if they've discovered any particularly negative results as a consequence of the probes. Thanks. Scott
Current thread:
- Re: 8 hours of pinging Ed Padin (Mar 21)
- Re: 8 hours of pinging spiff (Mar 22)
- Curious HTTP related probings. Scott A . McIntyre (Mar 22)
- Re: Curious HTTP related probings. Erik Fichtner (Mar 22)
- Re: Curious HTTP related probings. Russell Fulton (Mar 22)
- [Fwd: [fw-wiz] Specious network performance measurements.] horio shoichi (Mar 22)
- <Possible follow-ups>
- Re: 8 hours of pinging Scott Wunsch (Mar 22)
- Re: 8 hours of pinging Robert Graham (Mar 22)
- Re: 8 hours of pinging Rainer Freis (Mar 27)
- Re: 8 hours of pinging Ed Padin (Mar 28)
- Re: 8 hours of pinging Dragos Ruiu (Mar 29)
- rooted by r0x - from address 212.177.241.127 Dwight Schauer (Mar 29)
- Re: rooted by r0x - from address 212.177.241.127 Ethan King (Mar 29)
(Thread continues...)