RE: Strange scans

From: Ed Moyle (emoyle@scsnet.csc.com)
Date: 04/15/02


Date: Mon, 15 Apr 2002 14:03:57 -0400
From: Ed Moyle <emoyle@scsnet.csc.com>
To: Brenna Primrose <drxlecter@phreaker.net>, incidents@securityfocus.com


> It's fairly obvious they were looking for IIS and other vulnerabilities,
> but why does "GET http://www.microsoft.com/ HTTP/1.0" appear in it?

Looks like it is testing to see if you are a proxy server...

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com