Re: strange HTTP requests
bugtraq_at_cgisecurity.net
Date: 08/26/03
- Previous message: Valdis.Kletnieks_at_vt.edu: "Re: strange web traffic"
- Maybe in reply to: Bill Carlson: "strange HTTP requests"
- Next in thread: Bill Carlson: "Re: strange HTTP requests"
- Reply: Bill Carlson: "Re: strange HTTP requests"
To: wcarlson@vh.org (Bill Carlson)
Date: Tue, 26 Aug 2003 12:29:13 -0400 (EDT)
>
> On Tue, 26 Aug 2003 bugtraq@cgisecurity.net wrote:
>
> > This is a perfectly valid http request. Opening up a raw connection to "vh.org" I see the following.
> >
> > Request
> > GET / HTTP/1.0
> > Host: vh.org
>
> Valid yes. Suspicious, also yes. Any of the many client browsers, indeed
> many web spiders will at least send an Agent header. The sparse request

Yes, many will, but not all. I know of people who have designed spiders for the company they work for without assigning
a user-agent header. Most search engines, on the other hand, will assign one for their spiders. I agree, though, it is fairly
common to assign one. Have you tried identifying the owner of the IP address/blocks?
I'm curious if perhaps it is an "in-house" spider that perhaps isn't working/designed properly (like someone checking to see if their site has changed).

> alone does not equal hostile intent, I agree. However, the same user
> attempting to visit the URL "http://vh.org/" every five minutes, 24/7? Not
> normal behavior.
>
Ah, I overlooked this at the bottom of your post, my bad.
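
A log check for the pattern discussed in this thread (no User-Agent header plus the same URL requested at a fixed interval), as an added example that is not part of the original messages. It assumes Apache combined-format access logs; the function name, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Apache/NCSA "combined" log format (assumed; the thread shows no log lines).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def find_periodic_clients(lines, min_hits=4, max_jitter=0.1):
    """Return {(ip, path): mean_interval_seconds} for clients that send no
    User-Agent and request the same path at near-constant intervals."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or m["ua"] not in ("", "-"):
            continue  # unparsable line, or the client identified itself
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[(m["ip"], m["path"])].append(ts)
    flagged = {}
    for key, stamps in hits.items():
        if len(stamps) < min_hits:
            continue  # too few requests to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # A small spread relative to the mean gap suggests a timer, not a person.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[key] = round(avg)
    return flagged

# Constructed sample data (documentation addresses, not from the thread).
FMT = '{} - - [26/Aug/2003:{} -0400] "GET / HTTP/1.0" 200 5120 "-" "{}"'
CLIENTS = [
    ("192.0.2.10", "-", ["10:00:01", "10:05:02", "10:10:01", "10:15:03", "10:20:01"]),
    ("198.51.100.7", "Mozilla/4.0", ["10:00:00", "10:05:00", "10:10:00", "10:15:00"]),
    ("203.0.113.5", "-", ["10:01:00", "10:02:30", "10:40:00", "11:15:10"]),
]
SAMPLE = [FMT.format(ip, t, ua) for ip, ua, times in CLIENTS for t in times]

if __name__ == "__main__":
    print(find_periodic_clients(SAMPLE))
```

A hit from this check is a prompt to look up the owner of the address, as suggested above; a missing User-Agent or a fixed interval does not by itself show intent.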