RE: Strange scans

From: Ed Moyle (emoyle@scsnet.csc.com)
Date: 04/15/02 

Date: Mon, 15 Apr 2002 14:03:57 -0400
From: Ed Moyle <emoyle@scsnet.csc.com>
To: Brenna Primrose <drxlecter@phreaker.net>, incidents@securityfocus.com

> It's fairly obvious they were looking for IIS and other vulnerabilities,
> but why does "GET http://www.microsoft.com/ HTTP/1.0" appear in it?

Looks like it is testing to see if you are a proxy server...

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Relevant Pages

  • RE: MS IIS 5 server is hacked leaving undeletable folders and fil es
    ... MS IIS 5 server is hacked leaving undeletable folders and files ... This list is provided by the SecurityFocus ARIS analyzer service. ... and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • RE: Seeing Chuncked content
    ... Server was patched and happy. ... This list is provided by the SecurityFocus ARIS analyzer service. ... For more information on this free incident handling, ...
    (Incidents)
  • RE: Mysterious "Support" account created on Win2k server
    ... Mysterious "Support" account created on Win2k server ... > This list is provided by the SecurityFocus ARIS analyzer service. ...
    (Incidents)
  • Re: ISA Server Problems, please help
    ... Based on the rules you have listed, SecureNAT clients should only be allowed ... The All access rule for SBS Internet Users ... Web Proxy and/or Firewall Client ... > header to the publishing server instead of the actual one. ...
    (microsoft.public.windows.server.sbs)
  • RE: Simple ISA 2004 questions
    ... You'd better create a new GPO for IE proxy, ... Run "gpmc.msc" in SBS server, ... ISA Server 2004 Query can give you some help. ... In the Microsoft Internet Security and Acceleration Server 2004 console, ...
    (microsoft.public.windows.server.sbs)