Security Incidents mailing list archives
Re: Comcast.net abuse contact?
From: Tom Laermans <tom.laermans () powersource cx>
Date: Wed, 16 Jan 2002 22:06:42 +0100
At 18:24 16/01/2002, you wrote:
Once in a while I get weird stuff where they ask for a remote webserver: 61.170.140.72 [24/Dec/2001:21:06:09 -0800] "GET http://www.s3.com/ 200.83.32.13 [26/Dec/2001:20:49:16 -0800] "GET http://www.google.com/ 217.168.67.121 [01/Jan/2002:00:50:45 -0800] "GET http://www.s3.com/ 218.21.77.29 [03/Jan/2002:20:58:16 -0800] "GET http://www.yahoo.com/ 61.142.242.236 [14/Jan/2002:10:09:45 -0800] "GET http://www.spedia.net/ Anyone know what's up with that?
People are testing to see if your webserver can be used as a proxy... (to make them more anonymous)
I've had the same requests.. Tom ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Comcast.net abuse contact? root (Jan 16)
- RE: Comcast.net abuse contact? Mike Healy (Jan 16)
- Re: Comcast.net abuse contact? Chris Wilkes (Jan 16)
- Re: Comcast.net abuse contact? Tom Laermans (Jan 16)
- RE: Comcast.net abuse contact? Mike Healy (Jan 17)
- <Possible follow-ups>
- RE: Comcast.net abuse contact? Misechok Mike J (Jan 16)