RE: Strange scans

From: Ed Moyle (emoyleat_private)
Date: Mon Apr 15 2002 - 11:03:57 PDT

Next message: Andrew Daviel: "Re: <victim>server formmail.pl exploit in the wild"

Previous message: Nathan W. Labadie: "Re: Botnet/Domains"
Maybe in reply to: Brenna Primrose: "Strange scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> It's fairly obvious they were looking for IIS and other vulnerabilities,
> but why does "GET http://www.microsoft.com/ HTTP/1.0" appear in it?

Looks like it is testing to see if you are a proxy server...

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Andrew Daviel: "Re: <victim>server formmail.pl exploit in the wild"
Previous message: Nathan W. Labadie: "Re: Botnet/Domains"
Maybe in reply to: Brenna Primrose: "Strange scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Apr 15 2002 - 12:33:17 PDT