All, I have noticed the following in my black ice logs: HTTP_URL_Name_Very_Long, serverip, servername, 210.108.137.153, , URL=/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA, 1, B, 80, 36286, 0x188006 This says that the server itself is sending a web request out to a client machine at 210.108.137.153. I ran tcpView and it does not show any outgoing activity, but I am not sure that utility will show that activity. We run Norton Corp AV, and it does not pick up anything in a full scan. We checked the box for the usually suspects, and nothing was found. Anyone have any ideas? Could black ice possibly have it backwards? Thanks in advance. Vinny Bedus Bit Changers http://www.BitChangers.com --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sat Aug 23 2003 - 14:01:34 PDT