[Dshield] Scan of my webserver

Patrick Andry pandry at wolverinefreight.ca
Wed Mar 5 13:01:36 GMT 2003


Yes, I have removed mod_proxy from the webserver once I saw that scan. 
The first two however have me stumped.
 

On Tue, 2003-03-04 at 18:46, Tom Laermans wrote:
> >x.x.x.x - - [23/Feb/2003:16:11:45 -0500] "\x04\x01" 200 5533
> >x.x.x.x - - [23/Feb/2003:16:12:06 -0500] "\x05\x01" 200 5533
> >x.x.x.x - - [23/Feb/2003:16:12:07 -0500] "CONNECT 64.157.4.82:25
> >HTTP/1.1" 200 5553
> 
> While i don't know about the first 2, the last one is an attempt to connect 
> to a mailserver using your webserver as an anonymous relay.
> Apparently it succeeded, at least that's what code 200 tells me, which 
> gives me the impression you're running the proxy module and are wide open 
> to the world.
> 
> Tom 
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list