[Dshield] (new?) IIS 'galaxy' vulnerability scanner ?
gbroiles at parrhesia.com
Sat Jun 8 03:16:11 GMT 2002
At 09:01 PM 6/7/2002 -0400, you wrote:
>I had today three people notify me about a new, rather noisy, signature
>they found in their apache logs. Can everyone take a look at their logs
>and see if they find it? I don't think this qualifies as a 'worm' so far.
>It looks a bit too complex and overly redundant. But maybe it is some
>Note the first Line: 'galaxy_10400.10746'. It looks like a marker someone
>added to the tool.
I saw something similar, although they visited me on May 13 and haven't
My log excerpt is at <http://parrhesia.com/galaxy-scan.txt> so as not to
clog up everyone's mail with boring log entries.
The first line was
188.8.131.52 - - [13/May/2002:16:44:41 -0700] "GET /galaxy_176172.176518 HTTP/1.0" 404 286 "-" "-"
and there were 57 entries total. The log entries are PDT (GMT -7:00) and
the system clock is synchronized every few hours to USNO time.
Greg Broiles -- gbroiles at parrhesia.com -- PGP 0x26E4488c or 0x94245961
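
One way to run the log check requested in this thread, as an added example that is not part of the original message: it scans Apache combined-format lines for a `/galaxy_<digits>.<digits>` marker request, then counts what the same source sent from that point on and normalizes the first-seen time to UTC so reports from different time zones can be compared. The function name, the documentation-range addresses and the placeholder probe paths are constructed; only the marker path is taken from the post.

```python
import re
from datetime import datetime, timezone

# Apache combined log: host ident user [time] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# Marker request seen at the start of the scan: /galaxy_<digits>.<digits>
MARKER_RE = re.compile(r'^/galaxy_\d+\.\d+$')

def find_galaxy_scans(lines):
    """Map each source that sent a marker request to a summary of its scan."""
    scans = {}
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # malformed or non-request line, skip it
        host, path = m["host"], m["path"]
        if host not in scans and MARKER_RE.match(path):
            seen = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
            scans[host] = {
                "marker": path,
                "first_seen_utc": seen.astimezone(timezone.utc),
                "requests": 0,   # requests from this host, marker included
                "not_404": 0,    # probes that did not get 404: review these
            }
        if host in scans:
            scans[host]["requests"] += 1
            if m["status"] != "404":
                scans[host]["not_404"] += 1
    return scans

# Constructed sample lines (addresses and probe paths are placeholders).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/May/2002:16:44:41 -0700] "GET /galaxy_176172.176518 HTTP/1.0" 404 286 "-" "-"',
    '192.0.2.10 - - [13/May/2002:16:44:42 -0700] "GET /constructed-probe-a HTTP/1.0" 404 290 "-" "-"',
    '198.51.100.7 - - [13/May/2002:16:44:43 -0700] "GET /index.html HTTP/1.0" 200 1024 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [13/May/2002:16:44:44 -0700] "GET /constructed-probe-b HTTP/1.0" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for host, info in find_galaxy_scans(SAMPLE_LOG).items():
        print(host, info["marker"], info["first_seen_utc"].isoformat(),
              info["requests"], info["not_404"])
```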