[Dshield] Scan of my webserver

Serge Vondandamo svondandamo at mercury-eur.com
Wed Mar 5 00:06:50 GMT 2003

Hi Tom,

What does the code 200 represent? As a novice, I will like to grasp any of
this. Is it an internal system process or some kind of magical stuffs? I
will be interested in hearing how the code 200 told you that the connection

Thanks for your clarification,


-----Original Message-----
From: Tom Laermans [mailto:tom.laermans at powersource.cx] 
Sent: Wednesday, March 05, 2003 12:47 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Scan of my webserver

At 21:29 04/03/2003, you wrote:
>Has anyone seen this before, and what is it attempting to do?
>I haven't been able to find much information on Google regarding this
>scan.  Manually attempting the same commands comes up 404.
>Apache 1.3.x logs:
>x.x.x.x - - [23/Feb/2003:16:11:45 -0500] "\x04\x01" 200 5533
>x.x.x.x - - [23/Feb/2003:16:12:06 -0500] "\x05\x01" 200 5533
>x.x.x.x - - [23/Feb/2003:16:12:07 -0500] "CONNECT
>HTTP/1.1" 200 5553

While i don't know about the first 2, the last one is an attempt to connect 
to a mailserver using your webserver as an anonymous relay.
Apparently it succeeded, at least that's what code 200 tells me, which 
gives me the impression you're running the proxy module and are wide open 
to the world.


list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list