[Dshield] Scan of my webserver

Serge Vondandamo svondandamo at mercury-eur.com
Wed Mar 5 00:06:50 GMT 2003


Hi Tom,

What does the code 200 represent? As a novice, I will like to grasp any of
this. Is it an internal system process or some kind of magical stuffs? I
will be interested in hearing how the code 200 told you that the connection
succeeded.

Thanks for your clarification,

Regards
Serge

-----Original Message-----
From: Tom Laermans [mailto:tom.laermans at powersource.cx] 
Sent: Wednesday, March 05, 2003 12:47 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Scan of my webserver

At 21:29 04/03/2003, you wrote:
>Has anyone seen this before, and what is it attempting to do?
>I haven't been able to find much information on Google regarding this
>scan.  Manually attempting the same commands comes up 404.
>
>Apache 1.3.x logs:
>
>x.x.x.x - - [23/Feb/2003:16:11:45 -0500] "\x04\x01" 200 5533
>x.x.x.x - - [23/Feb/2003:16:12:06 -0500] "\x05\x01" 200 5533
>x.x.x.x - - [23/Feb/2003:16:12:07 -0500] "CONNECT 64.157.4.82:25
>HTTP/1.1" 200 5553

While i don't know about the first 2, the last one is an attempt to connect 
to a mailserver using your webserver as an anonymous relay.
Apparently it succeeded, at least that's what code 200 tells me, which 
gives me the impression you're running the proxy module and are wide open 
to the world.

Tom 

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list


More information about the list mailing list