[Dshield] Scan of my webserver
svondandamo at mercury-eur.com
Wed Mar 5 00:06:50 GMT 2003
What does the code 200 represent? As a novice, I will like to grasp any of
this. Is it an internal system process or some kind of magical stuffs? I
will be interested in hearing how the code 200 told you that the connection
Thanks for your clarification,
From: Tom Laermans [mailto:tom.laermans at powersource.cx]
Sent: Wednesday, March 05, 2003 12:47 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Scan of my webserver
At 21:29 04/03/2003, you wrote:
>Has anyone seen this before, and what is it attempting to do?
>I haven't been able to find much information on Google regarding this
>scan. Manually attempting the same commands comes up 404.
>Apache 1.3.x logs:
>x.x.x.x - - [23/Feb/2003:16:11:45 -0500] "\x04\x01" 200 5533
>x.x.x.x - - [23/Feb/2003:16:12:06 -0500] "\x05\x01" 200 5533
>x.x.x.x - - [23/Feb/2003:16:12:07 -0500] "CONNECT 18.104.22.168:25
>HTTP/1.1" 200 5553
While i don't know about the first 2, the last one is an attempt to connect
to a mailserver using your webserver as an anonymous relay.
Apparently it succeeded, at least that's what code 200 tells me, which
gives me the impression you're running the proxy module and are wide open
to the world.
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list