Hiding the source of the web server scan

From: Bobby, Paul (paul.bobbyat_private)
Date: Thu May 17 2001 - 08:47:50 PDT

Next message: james.s.kahanat_private: "Re: Strange email"

Previous message: Matt Scarborough: "Re: Strange email"
Reply: Hugo van der Kooij: "Re: Hiding the source of the web server scan"
Reply: Andre Kajita - Administrador da Rede: "Re: Hiding the source of the web server scan"
Reply: Daniel Martin: "Re: Hiding the source of the web server scan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Can anyone tell me what tool is used to accomplish the following?

The port scans I see for web servers are followed up with the following
series of commands:

GET http://www.intel.com/ HTTP/1.1\r\n
Host: www.intel.com \r\n
Accept: */*\r\n
Pragma: no-cache:\r\n
User-Agent: Mozilla/4.0\r\n
\r\n

www.intel.com is sometimes replaced with www.yahoo.com or whatever address.

The port scan itself is of course detected by my perimeter security, the web
server log I presume always logs that the source was www.intel.com.

No big deal, just that I'm seeing a lot of these recently.

=========
Paul Bobby
<dream> Got Root? </dream>

Next message: james.s.kahanat_private: "Re: Strange email"
Previous message: Matt Scarborough: "Re: Strange email"
Reply: Hugo van der Kooij: "Re: Hiding the source of the web server scan"
Reply: Andre Kajita - Administrador da Rede: "Re: Hiding the source of the web server scan"
Reply: Daniel Martin: "Re: Hiding the source of the web server scan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu May 17 2001 - 19:54:35 PDT