[Dshield] Scan of my webserver
Coxe, John B.
JOHN.B.COXE at saic.com
Wed Mar 5 00:44:26 GMT 2003
Refer to section 9.9 of RFC 2616 (http://www.faqs.org/rfcs/rfc2616.html) for
This specification reserves the method name CONNECT for use with a
proxy that can dynamically switch to being a tunnel (e.g. SSL
 Luotonen, A., "Tunneling TCP based protocols through Web proxy
servers," Work in Progress. [jg647]>>
Your 200 response indicates you are running Apache as an open SMTP
I don't know what significance those cntl-D cntl-A and cntl-E cntl-A are;
but they were also successful apparently.
From: Patrick Andry [mailto:patrick at goodbadmovies.com]
Sent: Tuesday, March 04, 2003 12:30 PM
To: General DShield Discussion List
Subject: [Dshield] Scan of my webserver
Has anyone seen this before, and what is it attempting to do?
I haven't been able to find much information on Google regarding this
scan. Manually attempting the same commands comes up 404.
Apache 1.3.x logs:
x.x.x.x - - [23/Feb/2003:16:11:45 -0500] "\x04\x01" 200 5533
x.x.x.x - - [23/Feb/2003:16:12:06 -0500] "\x05\x01" 200 5533
x.x.x.x - - [23/Feb/2003:16:12:07 -0500] "CONNECT 18.104.22.168:25 HTTP/1.1" 200 5553
Patrick Andry <patrick at goodbadmovies.com>
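
An added example, not part of either message above: a small Python scan of an Apache access log for the three request shapes in the posted log. The `\x04\x01` and `\x05\x01` strings are how Apache logs the opening bytes of a SOCKS4 CONNECT request and a SOCKS5 greeting; the sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample lines modelled on the post's log; addresses are placeholders.
SAMPLE_LOG = r'''
192.0.2.10 - - [23/Feb/2003:16:11:45 -0500] "\x04\x01" 200 5533
192.0.2.10 - - [23/Feb/2003:16:12:06 -0500] "\x05\x01" 200 5533
192.0.2.10 - - [23/Feb/2003:16:12:07 -0500] "CONNECT 198.51.100.7:25 HTTP/1.1" 200 5553
192.0.2.44 - - [23/Feb/2003:16:13:00 -0500] "GET /index.html HTTP/1.0" 200 5533
192.0.2.45 - - [23/Feb/2003:16:14:00 -0500] "CONNECT 198.51.100.7:443 HTTP/1.0" 405 312
'''

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>.*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
CONNECT_RE = re.compile(r'^CONNECT (?P<host>[^\s:]+):(?P<port>\d+) HTTP/\d\.\d$')

def classify(request):
    """Return (kind, detail) for a request line, or None if it looks ordinary."""
    # Apache escapes non-printable bytes as \xNN, so match the literal text.
    if request.startswith(r'\x04\x01'):
        return ('socks4-connect', None)   # SOCKS4: version 4, command 1 (CONNECT)
    if request.startswith(r'\x05\x01'):
        return ('socks5-greeting', None)  # SOCKS5: version 5, one auth method offered
    m = CONNECT_RE.match(request)
    if m:
        return ('http-connect', f"{m['host']}:{m['port']}")
    return None

def scan(log_text):
    """Yield one finding dict per proxy-probe line in an access log."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        hit = classify(m['request']) if m else None
        if hit is None:
            continue
        kind, target = hit
        status = int(m['status'])
        yield {
            'client': m['client'], 'time': m['ts'], 'kind': kind,
            'target': target, 'status': status,
            # A 2xx here means the probe was not refused; check proxy config.
            'needs_review': 200 <= status < 300,
            'smtp_target': bool(target and target.endswith(':25')),
        }

if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```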