[Dshield] ~security.rr.com:25

walter woodrow oopicwow at yahoo.com
Sat Jun 21 01:20:20 GMT 2003

Has anyone seen this type of data in their IIS logs?

I checked the IP (http://www.dshield.org/ipinfo.php?ip= and it has a host name of customerscan.sec.rr.com.


Are they (Road Runner) checking for open telnet servers? I find it an interesting parameter used (~security.rr.com:25)


ClientHost,Username,LogTime,Service,Machine,ServerIP,ProcessingTime,BytesRecvd,BytesSent,ServiceStatus,ServiceStatusDesc,Win32Status,Operation,Target,Parameters,-,6/20/2003 18:56,W3SVC1,MYServer,x.x.x.x,0,39,4184,404,Not Found,123,GET,/,~security.rr.com:25,-,6/20/2003 18:55,W3SVC1,MYServer,x.x.x.x,15,39,4184,404,Not Found,123,GET,/,~security.rr.com:25


Any Ideas?




Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!

More information about the list mailing list