Security Incidents mailing list archives

Re: Comcast.net abuse contact?

From: Tom Laermans <tom.laermans () powersource cx>
Date: Wed, 16 Jan 2002 22:06:42 +0100

At 18:24 16/01/2002, you wrote:

Once in a while I get weird stuff where they ask for a remote webserver:

61.170.140.72   [24/Dec/2001:21:06:09 -0800] "GET http://www.s3.com/
200.83.32.13    [26/Dec/2001:20:49:16 -0800] "GET http://www.google.com/
217.168.67.121  [01/Jan/2002:00:50:45 -0800] "GET http://www.s3.com/
218.21.77.29    [03/Jan/2002:20:58:16 -0800] "GET http://www.yahoo.com/
61.142.242.236  [14/Jan/2002:10:09:45 -0800] "GET http://www.spedia.net/

Anyone know what's up with that?

People are testing to see if your webserver can be used as a proxy... (tomake them more anonymous)


I've had the same requests..

Tom


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.

For more information on this free incident handling, managementand tracking system please see: http://aris.securityfocus.com

Current thread:

Comcast.net abuse contact? root (Jan 16)
- RE: Comcast.net abuse contact? Mike Healy (Jan 16)
- Re: Comcast.net abuse contact? Chris Wilkes (Jan 16)
  - Re: Comcast.net abuse contact? Tom Laermans (Jan 16)
- RE: Comcast.net abuse contact? Mike Healy (Jan 17)
- <Possible follow-ups>
- RE: Comcast.net abuse contact? Misechok Mike J (Jan 16)