Visiting http://203.194.146.46/, I get a link to http://www.webtelemetry.com/. This appears to be what you're seeing. Either someone in your organization is initiating this somehow, or you have two people on these other IP's testing connectivity to your servers (for your benefit or perhaps theirs). It's possible that they're unrelated, that these clients are just probing at intervals and that they just happened to start their probes within a few seconds of each other. David -----Original Message----- From: Jackie [mailto:JackieJat_private] Sent: Thursday, August 16, 2001 9:01 To: incidents2 Subject: Java 1.1.8 paired probes Over the last 2 days ONLY, I have been seeing 63.85.124.6 - - [16/Aug/2001:09:04:21 -0400] "GET / HTTP/1.0" 200 453 "-" "Java1.1.8" 203.194.146.46 - - [16/Aug/2001:09:04:25 -0400] "GET / HTTP/1.0" 200 453 "-" "Java1.1.8" These probes are ALWAYS paired, always from the same 2 IP addresses, the second ALWAYS within seconds of the first. Sorry if this has been covered here previously. Can someone give me a thumbnail of what's going on? Also note the 200 response from our Linux box. Thanks. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 17 2001 - 16:24:33 PDT