RE: HTTP Probe by Webserver

From: Andrew Blevins (ABlevinsat_private)
Date: Wed Oct 10 2001 - 15:41:45 PDT

  • Next message: Jensenne Roculan: "Vacation Troller, Please Ignore"

    Alan,
    It looks to be an NT 4.0 web server running FTP, HTTP, HTTPS, and Proxy. Its
    ridiculously wide-open (you could easily use it as a file-server from the
    Internet), and I would assume that someone is using it as a jumping off
    point. 
    
    Andrew Blevins
    
    
    
    -----Original Message-----
    From: Alan Wright [mailto:AlanJWrightat_private]
    Sent: Wednesday, October 10, 2001 3:31 PM
    To: incidentsat_private
    Subject: HTTP Probe by Webserver
    
    
    Dear All
    
    I have noticed tonight that BlackIce Defender has flagged up an Http probe 
    from a webserver @195.10.146.197.
    This comes back as a Finnish IP.
    Anyone know if the server has been compromised and is randomly probing or 
    is someone using it as a jump off point for some probing
    
    Any help would be gratefully received.
    
    
    
    All the best
    
    Alan
    
    { Alan J Wright B.Sc(Hons)(Open)}
    {SMS or Phone +447624462772}
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Wed Oct 10 2001 - 15:47:34 PDT