Hi all,
I would like to pose a question? Does anyone else have a problem with
Netcraft sweeping the web looking vulnerable servers to latest IIS buffer
overflow? Now I know that they are company that compiles statistics on
internet usage but still, the idea of them having a huge database of IP
addresses
of vulnerable IIS servers reminds me of the purpose of most root kits once they
are installed. Which is to scan other servers looking for vulnerable IP's.
Maybe I'm too
paranoid or off base here but with the proper reverse DNS I can become an
netcraft
scanning agent myself. If we are going to rely on reverse DNS to tell who is ok
and
who isn't then we will obviously get some with maliciously configured reverse
DNS.
Below is the hit I received in my web server log:
22:20:13 195.92.95.61 - 80 GET /nonexistent.htr - 500 2148007941 471 161 90550
HTTP/1.0 www.myesn.com Mozilla/4.0+(compatible;+Netcraft+Webserver+Survey) -
http://www.netcraft.com/Survey/
Is anyone else ok with this practice?
================================================
Jimmy Sadri CISSP jimmys@private
Systems Administrator/Webmaster webmaster@private
Network Engineer/Security Consultant Myesn.com
This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 20:53:41 PDT