Greets, > Can anyone tell me what tool is used to accomplish the following? ... > GET http://www.intel.com/ HTTP/1.1\r\n > Host: www.intel.com \r\n > Accept: */*\r\n > Pragma: no-cache:\r\n > User-Agent: Mozilla/4.0\r\n > \r\n I'd guess one of two things: 1 - A scan for MS IIS machines, they just throw some trash at a server and when it responds it picks up the server type. 2, which I think is more probable - Someone's scanning for open proxys. I've been getting a large number of scans with HTTP payloads along some common proxy ports (88,1080,3128,8000,8080,8888,etc.) and I can only guess that someone's searching for a few open proxy to fool around with. Either way, it's a tool that's sending the requests you've been getting. Since the 'Host' content field is filled in by the browser or other qualified agent it can also be forged to whatever address you want if you build your own tool so if you check your border logs you'd probably find a different IP than www.intel.com's. Andre. -- Arthur Dent: "What's so unpleasant about being drunk?" Ford Prefect: "You ask a glass of water." - Douglas Noel Adams, 1952 - 2001 - DNA, so long and thanks for all the books -- Andre Kajita - Administrador da Rede <adminat_private> Camara Municipal de Sao Jose dos Campos - SP http://www.camarasjc.sp.gov.br
This archive was generated by hypermail 2b30 : Fri May 18 2001 - 12:31:45 PDT