A couple servers I manage have been getting these off and on for months, the last one was last night, the originating host was a broadband user on ATTBI who was filtering everything inbound. On Monday 06 January 2003 03:35 pm, Chris Barford wrote: > I can't confirm this but I would guess this would be a good way to get > the http headers of websites. Perhaps then following this a potential > hacker could see you were for example running IIS 5.0 and in subsequent > scans check for the unicode exploits. Or a more likely cause would be > to get a list of apache servers to try to use the openssl-too-open > exploits against > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Feb 02 2003 - 08:43:42 PST