Security Incidents mailing list archives

RE: HTTP Probe by Webserver

From: "Vince Sola" <sola-v () home com>
Date: Wed, 10 Oct 2001 19:52:45 -0400

That host has been had by the Nimda worm..so you may just be seeing nimda 
probes.

Vince

-----Original Message-----
From: Alan Wright [mailto:AlanJWright () manx net]
Sent: Wednesday, October 10, 2001 6:31 PM
To: incidents () securityfocus com
Subject: HTTP Probe by Webserver

Dear All

I have noticed tonight that BlackIce Defender has flagged up 
an Http probe 
from a webserver @195.10.146.197.
This comes back as a Finnish IP.
Anyone know if the server has been compromised and is 
randomly probing or 
is someone using it as a jump off point for some probing

Any help would be gratefully received.

All the best

Alan

{ Alan J Wright B.Sc(Hons)(Open)}
{SMS or Phone +447624462772}

--------------------------------------------------------------
--------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

HTTP Probe by Webserver Alan Wright (Oct 10)
- RE: HTTP Probe by Webserver Vince Sola (Oct 11)
- <Possible follow-ups>
- RE: HTTP Probe by Webserver Andrew Blevins (Oct 10)
- RE: HTTP Probe by Webserver Dean Cunningham (Oct 11)