[Dshield] http "get x" requests?
ed.truitt at etee2k.net
Sat May 11 02:51:59 GMT 2002
It isn't, unless Netcraft has a box in China. The upstream for that IP is
PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
"Note to spammers: my 'delete' key is connected to YOUR ISP.
Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."
----- Original Message -----
From: "Johannes B. Ullrich" <jullrich at sans.org>
To: <list at dshield.org>
Sent: Friday, May 10, 2002 3:18 PM
Subject: Re: [Dshield] http "get x" requests?
> > 220.127.116.11 gsa.creighton.edu - [10/May/2002:13:45:52 -0500] "GET x
> > HTTP/1.0" 400 2498 "" ""
> usually these requests are just checking the banner your server
> returns to see what server you are running.
> Can be used to hit you with a targeted exploit next, or maybe
> someone is just nosy. Netcraft is known to use 'GET x' for
> its surveys (but the IP does not look like one of theirs).
More information about the list