Security Incidents mailing list archives
RE: HTTP Probe by Webserver
From: "Vince Sola" <sola-v () home com>
Date: Wed, 10 Oct 2001 19:52:45 -0400
That host has been had by the Nimda worm..so you may just be seeing nimda probes. Vince
-----Original Message----- From: Alan Wright [mailto:AlanJWright () manx net] Sent: Wednesday, October 10, 2001 6:31 PM To: incidents () securityfocus com Subject: HTTP Probe by Webserver Dear All I have noticed tonight that BlackIce Defender has flagged up an Http probe from a webserver @195.10.146.197. This comes back as a Finnish IP. Anyone know if the server has been compromised and is randomly probing or is someone using it as a jump off point for some probing Any help would be gratefully received. All the best Alan { Alan J Wright B.Sc(Hons)(Open)} {SMS or Phone +447624462772} -------------------------------------------------------------- -------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- HTTP Probe by Webserver Alan Wright (Oct 10)
- RE: HTTP Probe by Webserver Vince Sola (Oct 11)
- <Possible follow-ups>
- RE: HTTP Probe by Webserver Andrew Blevins (Oct 10)
- RE: HTTP Probe by Webserver Dean Cunningham (Oct 11)