[Dshield] Apache Question

David Cannings lists at edeca.net
Wed May 11 22:27:03 GMT 2005


Jim McCullough wrote:
> On 5/11/05, Joel Esler <esler at knology.net> wrote:
>> 82.96.96.3 - - [10/May/2005:22:52:59 -0400] "POST http://82.96.96.3:802/ HTTP/1.0" 200 55296 "-" "-"
>> 82.96.96.3 - - [10/May/2005:22:52:59 -0400] "CONNECT 82.96.96.3:802 HTTP/1.0" 405 329 "-" "-"
> I've had a few lately myself similar to this.  I am still 
> investigating it on my end, including packet capture for the entire 
> conversation.
> 
> irc.freenode.net #dshield/#dshielders

And the above IRC channels would be why; rDNS on that IP suggests it is
the freenode proxy scanner.

David
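
A log check for the pattern in the quoted entries, as an added example that is not part of the original post: it flags CONNECT requests and absolute-URI request lines in Apache combined-format logs and records whether the requested destination is the client's own address, as it is in both entries above. The function names and the third sample line are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache combined format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]+))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def classify(line):
    """Return a dict describing a proxy-style request, or None otherwise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    method, target, status = m["method"], m["target"], int(m["status"])
    if method == "CONNECT":
        kind = "connect-tunnel"
        dest = target.rsplit(":", 1)[0]          # host part of host:port
    elif re.match(r"^[a-z][a-z0-9+.-]*://", target, re.I):
        kind = "absolute-uri"                    # proxy-style request line
        dest = urlsplit(target).hostname or ""
    else:
        return None                              # ordinary origin-form request
    # A 2xx here is not proof of relaying, so it is marked for follow-up
    # rather than treated as a confirmed open proxy.
    verdict = "review" if 200 <= status < 300 else "refused"
    return {"client": m["host"], "kind": kind, "target": target,
            "status": status, "verdict": verdict,
            "self_target": dest == m["host"]}    # destination is the client itself

def scan(lines):
    """Classify every line and keep only the proxy-style requests."""
    return [hit for hit in map(classify, lines) if hit]

# The two entries quoted in this thread, plus one constructed ordinary request.
SAMPLE = [
    '82.96.96.3 - - [10/May/2005:22:52:59 -0400] '
    '"POST http://82.96.96.3:802/ HTTP/1.0" 200 55296 "-" "-"',
    '82.96.96.3 - - [10/May/2005:22:52:59 -0400] '
    '"CONNECT 82.96.96.3:802 HTTP/1.0" 405 329 "-" "-"',
    '192.0.2.10 - - [10/May/2005:22:53:01 -0400] '
    '"GET /index.html HTTP/1.0" 200 1024 "-" "-"',   # constructed
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A `review` verdict means the response needs checking: compare the logged size against what the server returns locally for that path before concluding the request was relayed.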


