Alan, It looks to be an NT 4.0 web server running FTP, HTTP, HTTPS, and Proxy. Its ridiculously wide-open (you could easily use it as a file-server from the Internet), and I would assume that someone is using it as a jumping off point. Andrew Blevins -----Original Message----- From: Alan Wright [mailto:AlanJWrightat_private] Sent: Wednesday, October 10, 2001 3:31 PM To: incidentsat_private Subject: HTTP Probe by Webserver Dear All I have noticed tonight that BlackIce Defender has flagged up an Http probe from a webserver @195.10.146.197. This comes back as a Finnish IP. Anyone know if the server has been compromised and is randomly probing or is someone using it as a jump off point for some probing Any help would be gratefully received. All the best Alan { Alan J Wright B.Sc(Hons)(Open)} {SMS or Phone +447624462772} ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Oct 10 2001 - 15:47:34 PDT