RE: Unusual Web Server

From: Muhammad Faisal Rauf Danka (mfrdat_private)
Date: Tue Jul 08 2003 - 15:19:28 PDT

Next message: Derek Grocke: "Ingress II 2.6 scripts needed"

Previous message: Gwendolynn ferch Elydyr: "Re: Product review postings - Suggested Solution"
Maybe in reply to: charrin2at_private: "Unusual Web Server"
Next in thread: Jeff Bollinger: "Re: Unusual Web Server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The SB4100E Motrolla External Cable modem also uses that little webserver as HTML-based user interface for troubleshooting. 
Another possibility is NetScreen, I have myself seen that in Netscreen 5XP OS 3.0.1r2 

Regards
--------
Muhammad Faisal Rauf Danka


--- "Sabol, Paul" <PSABOLat_private> wrote:
>Could be Apache...you can modify the http.h SERVERBASENAME,
>SERVERVERSION (don't quote me on the exactness of these variables...it's
>been a while) and you have a new name when you compile.  Performing
>httpd -v will tell you what it is if you have access to the box.
>
>-----Original Message-----
>From: charrin2at_private [mailto:charrin2at_private] 
>Sent: Tuesday, July 08, 2003 11:46 AM
>To: pen-testat_private
>Subject: Unusual Web Server
>
>All,
>
>I have found a web server that I cannot identify. It is listening on
>port 5050. When I telnet to it I get:
>
>telnet host.foobar.com 5050
>Trying 10.10.10.10...
>Connected to host.foobar.com.
>Escape character is '^]'.
>
>HTTP/1.1 400 Bad Request
>Date: Tue,  8 July 2003 14:59:05
>Server: Web/R5_2_2
> 
>400 Bad Request
>Connection closed by foreign host.
>
>
>If I try to browse to it I am prompted for a username / password. After
>entering the wrong password I get the ususal 401 unauthorized. The
>default page is layout.html
>
>Any help would be appreciated.
>
>--Chris
>
>
>
>------------------------------------------------------------------------
>---
>The Lightning Console aggregates IDS events, correlates them with
>vulnerability info, reduces false positives with the click of a button,
>anddistributes this information to hundreds of users.
>
>Visit Tenable Network Security at http://www.tenablesecurity.com to
>learn more.
>------------------------------------------------------------------------
>----
>
>
>
>
>---------------------------------------------------------------------------
>The Lightning Console aggregates IDS events, correlates them with
>vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.
>
>Visit Tenable Network Security at http://www.tenablesecurity.com to learn
>more.
>----------------------------------------------------------------------------

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with 
vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.

Visit Tenable Network Security at http://www.tenablesecurity.com to learn 
more.
----------------------------------------------------------------------------

Next message: Derek Grocke: "Ingress II 2.6 scripts needed"
Previous message: Gwendolynn ferch Elydyr: "Re: Product review postings - Suggested Solution"
Maybe in reply to: charrin2at_private: "Unusual Web Server"
Next in thread: Jeff Bollinger: "Re: Unusual Web Server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 08 2003 - 17:06:26 PDT