Security Incidents mailing list archives

Re: Scanners using netcraft?


From: jericho () DIMENSIONAL COM (mea culpa)
Date: Mon, 10 Jan 2000 15:24:48 -0700


Hi,

netcraft.com routinely scans web sites and publishes their
survey of http server software. See http://www.netcraft.com/.
They also scan port 443 (https) for the same reasons, and I've
seen them try to do DNS zone transfers although not recently.
I don't think their activity is harmful, probably just an
unrelated event.

It should be noted that Netcraft *could* be used for this quite trivially.
A user can pass any third party web server to the Netcraft query engine
(even via lynx and a single command) and find out the resulting server. So
a quick script to check entire class C networks would be trivial to write,
grep out a specific server, then throw attacks at them.

http://www.netcraft.com/whats/

