[Dshield] Scan of my webserver

Tom Laermans tom.laermans at powersource.cx
Tue Mar 4 23:46:32 GMT 2003


At 21:29 04/03/2003, you wrote:
>Has anyone seen this before, and what is it attempting to do?
>I haven't been able to find much information on Google regarding this
>scan.  Manually attempting the same commands comes up 404.
>
>Apache 1.3.x logs:
>
>x.x.x.x - - [23/Feb/2003:16:11:45 -0500] "\x04\x01" 200 5533
>x.x.x.x - - [23/Feb/2003:16:12:06 -0500] "\x05\x01" 200 5533
>x.x.x.x - - [23/Feb/2003:16:12:07 -0500] "CONNECT 64.157.4.82:25
>HTTP/1.1" 200 5553

While I don't know about the first 2, the last one is an attempt to connect 
to a mailserver using your webserver as an anonymous relay.
Apparently it succeeded, at least that's what code 200 tells me, which 
gives me the impression you're running the proxy module and are wide open 
to the world.

Tom 
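
Added example, not part of the original message: a small Python scanner that flags proxy-probe entries like the three quoted above in an Apache common-format access log. It goes slightly beyond the thread by also flagging requests with a full URL; the source address 192.0.2.10, the function names and the "review" field are assumptions made for illustration.

```python
import re

# Apache common log format; non-printable request bytes appear as \xNN escapes.
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')
CONNECT = re.compile(r'^CONNECT\s+(\S+?):(\d+)(?:\s+HTTP/\d\.\d)?$', re.I)

def classify(request):
    """Return (kind, detail) for a logged request, or None if it looks ordinary."""
    if request.startswith(r'\x04\x01'):
        return ('socks4-connect', 'SOCKS version 4, command 1 (CONNECT)')
    if request.startswith(r'\x05'):
        return ('socks5-greeting', 'SOCKS version 5 method negotiation')
    m = CONNECT.match(request)
    if m:
        host, port = m.group(1), int(m.group(2))
        note = 'SMTP relay target' if port == 25 else 'tunnel target'
        return ('http-connect', f'{note} {host}:{port}')
    if re.match(r'^[A-Z]+ https?://', request):
        return ('absolute-uri', 'proxy-style request with a full URL')
    return None

def scan(lines):
    """Collect probe entries; 'review' marks 2xx answers whose proxy
    configuration should be verified (a 2xx alone is not proof of a relay)."""
    findings = []
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue
        src, when, request, status, size = m.groups()
        hit = classify(request)
        if hit:
            findings.append({'src': src, 'time': when, 'kind': hit[0],
                             'detail': hit[1], 'status': int(status),
                             'size': size, 'review': status.startswith('2')})
    return findings

# Constructed sample: the three entries from the post (wrapped line rejoined,
# 192.0.2.10 standing in for the masked source) plus one ordinary request.
SAMPLE = [
    r'192.0.2.10 - - [23/Feb/2003:16:11:45 -0500] "\x04\x01" 200 5533',
    r'192.0.2.10 - - [23/Feb/2003:16:12:06 -0500] "\x05\x01" 200 5533',
    r'192.0.2.10 - - [23/Feb/2003:16:12:07 -0500] "CONNECT 64.157.4.82:25 HTTP/1.1" 200 5553',
    r'192.0.2.10 - - [23/Feb/2003:16:12:09 -0500] "GET /index.html HTTP/1.0" 200 5533',
]

if __name__ == '__main__':
    for f in scan(SAMPLE):
        print(f['time'], f['src'], f['kind'], f['detail'], f['status'], f['size'])
```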


