Hi all,

I would like to pose a question. Does anyone else have a problem with Netcraft sweeping the web looking for servers vulnerable to the latest IIS buffer overflow? Now I know that they are a company that compiles statistics on internet usage, but still, the idea of them having a huge database of IP addresses of vulnerable IIS servers reminds me of the purpose of most root kits once they are installed, which is to scan other servers looking for vulnerable IPs. Maybe I'm too paranoid or off base here, but with the proper reverse DNS I can become a Netcraft scanning agent myself. If we are going to rely on reverse DNS to tell who is ok and who isn't, then we will obviously get some with maliciously configured reverse DNS.

Below is the hit I received in my web server log:

22:20:13 195.92.95.61 - 80 GET /nonexistent.htr - 500 2148007941 471 161 90550 HTTP/1.0 www.myesn.com Mozilla/4.0+(compatible;+Netcraft+Webserver+Survey) - http://www.netcraft.com/Survey/

Is anyone else ok with this practice?

================================================
Jimmy Sadri CISSP                     jimmys@private
Systems Administrator/Webmaster       webmaster@private
Network Engineer/Security Consultant
Myesn.com
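Added example, not part of the original post: a forward-confirmed reverse DNS check for a log hit that claims to be the Netcraft survey, which addresses the post's concern that a PTR record alone can be set by whoever controls the address block. The field positions in the log line, the function names and the "netcraft.com" suffix passed by the caller are assumptions made for this illustration; the resolver functions are injectable so the logic can be exercised offline.

```python
import socket

# Log line quoted in the post; field positions are assumed from its layout.
LOG_LINE = (
    "22:20:13 195.92.95.61 - 80 GET /nonexistent.htr - 500 2148007941 471 161 90550 "
    "HTTP/1.0 www.myesn.com Mozilla/4.0+(compatible;+Netcraft+Webserver+Survey) - "
    "http://www.netcraft.com/Survey/")

def parse_hit(line):
    """Return (client_ip, user_agent) from the space-delimited IIS log line."""
    fields = line.split()
    return fields[1], fields[14].replace("+", " ")  # IIS logs spaces as '+'

def system_ptr(ip):
    """Reverse lookup via the system resolver; empty list when no PTR exists."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_addrs(name):
    """Forward lookup via the system resolver; empty list on failure."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def classify(ip, user_agent, expected_suffix, ptr=system_ptr, addrs=system_addrs):
    """Classify a hit whose User-Agent claims to be the Netcraft survey.

    The PTR record is controlled by the owner of the IP's reverse zone, so it
    is only a claim. The claim counts as confirmed when the forward zone of the
    claimed name, controlled by the real domain owner, maps back to the same IP.
    """
    if "netcraft" not in user_agent.lower():
        return "not-claimed"
    for name in ptr(ip):
        host = name.rstrip(".").lower()
        # Match on a label boundary so "evilnetcraft.com" does not pass.
        if host != expected_suffix and not host.endswith("." + expected_suffix):
            continue
        return "confirmed" if ip in addrs(host) else "ptr-spoofed"
    return "unverified"
```

A "ptr-spoofed" result is the case the post describes: the reverse record names the expected domain, but that domain's own forward records do not include the client address.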
This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 20:53:41 PDT