RE: Java 1.1.8 paired probes

["NESTING, DAVID M (SBCSI)" <dn3723 () sbc com>]

Visiting http://203.194.146.46/, I get a link to
http://www.webtelemetry.com/.  This appears to be what you're seeing.
Either someone in your organization is initiating this somehow, or you have
two people on these other IP's testing connectivity to your servers (for
your benefit or perhaps theirs).  It's possible that they're unrelated, that
these clients are just probing at intervals and that they just happened to
start their probes within a few seconds of each other.

David

-----Original Message-----
From: Jackie [mailto:JackieJ () Syllables com]
Sent: Thursday, August 16, 2001 9:01
To: incidents2
Subject: Java 1.1.8 paired probes


Over the last 2 days ONLY, I have been seeing
63.85.124.6 - - [16/Aug/2001:09:04:21 -0400] "GET / HTTP/1.0" 200 453 "-"
"Java1.1.8"
203.194.146.46 - - [16/Aug/2001:09:04:25 -0400] "GET / HTTP/1.0" 200 453 "-"
"Java1.1.8"

These probes are ALWAYS paired, always from the same 2 IP addresses,
the second ALWAYS within seconds of the first.

Sorry if this has been covered here previously. Can someone give me a
thumbnail of what's going on? Also note the 200 response from our
Linux box.

Thanks.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com