Security Incidents mailing list archives
RE: HTTP Probe by Webserver
From: Andrew Blevins <ABlevins () arrowheadgrp com>
Date: Wed, 10 Oct 2001 15:41:45 -0700
Alan,

It looks to be an NT 4.0 web server running FTP, HTTP, HTTPS, and Proxy. It's ridiculously wide-open (you could easily use it as a file-server from the Internet), and I would assume that someone is using it as a jumping off point.

Andrew Blevins

-----Original Message-----
From: Alan Wright [mailto:AlanJWright () manx net]
Sent: Wednesday, October 10, 2001 3:31 PM
To: incidents () securityfocus com
Subject: HTTP Probe by Webserver

Dear All

I have noticed tonight that BlackIce Defender has flagged up an Http probe from a webserver @195.10.146.197. This comes back as a Finnish IP.

Anyone know if the server has been compromised and is randomly probing or is someone using it as a jump off point for some probing?

Any help would be gratefully received.

All the best

Alan

{ Alan J Wright B.Sc(Hons)(Open)}
{SMS or Phone +447624462772}

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Current thread:
- HTTP Probe by Webserver Alan Wright (Oct 10)
- RE: HTTP Probe by Webserver Vince Sola (Oct 11)
- <Possible follow-ups>
- RE: HTTP Probe by Webserver Andrew Blevins (Oct 10)
- RE: HTTP Probe by Webserver Dean Cunningham (Oct 11)