RE: HTTP Probe by Webserver
From: Vince Sola (sola-v@home.com)Date: 10/11/01
- Previous message: Dean Cunningham: "RE: HTTP Probe by Webserver"
- In reply to: Alan Wright: "HTTP Probe by Webserver"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Vince Sola" <sola-v@home.com> To: "'Alan Wright'" <AlanJWright@manx.net>, <incidents@securityfocus.com> Subject: RE: HTTP Probe by Webserver Date: Wed, 10 Oct 2001 19:52:45 -0400 Message-ID: <000001c151e6$a9f1ab40$0e3f0941@gambrills1.md.home.com>
That host has been had by the Nimda worm..so you may just be seeing nimda
probes.
Vince
> -----Original Message-----
> From: Alan Wright [mailto:AlanJWright@manx.net]
> Sent: Wednesday, October 10, 2001 6:31 PM
> To: incidents@securityfocus.com
> Subject: HTTP Probe by Webserver
>
>
> Dear All
>
> I have noticed tonight that BlackIce Defender has flagged up
> an Http probe
> from a webserver @195.10.146.197.
> This comes back as a Finnish IP.
> Anyone know if the server has been compromised and is
> randomly probing or
> is someone using it as a jump off point for some probing
>
> Any help would be gratefully received.
>
>
>
> All the best
>
> Alan
>
> { Alan J Wright B.Sc(Hons)(Open)}
> {SMS or Phone +447624462772}
>
>
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Dean Cunningham: "RE: HTTP Probe by Webserver"
- In reply to: Alan Wright: "HTTP Probe by Webserver"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
