Re: this is a port scan, right?

From: Si Ballenger (shb*NO*SPAM*_at_comporium.net)
Date: 07/30/05 

Date: Sat, 30 Jul 2005 19:20:11 GMT

On 30 Jul 2005 06:07:49 -0700, "Bush is a Fascist"
<z333r@yahoo.com> wrote:

>Hi all,
>
>My webserver is telling me that it has received the following
>types of accesses repeatedly from several of my fellow comcast
>subscribers.
>
>1. they access port 80 but they fail to send by HTTP
> request: zero bytes received.
>
>2. soon after they access port 80 again and send a very short
> HTTP request, consisting of "GET /" line, a Host line,
> and sometimes a long Authenication line. My server
> successfully write()'s bytes back to the client program.
> Once, the Authentication line looked very odd, like a
> bunch of zero bytes with a chunk of perhaps program code
> in the middle.
>
>Keep in mind that no domain is associated with my server's
>IP.
>
>IPs of offenders are always similar to my own IP.
>
>So they're port scanning, right?
>
>Thanks
>333

Somebody probably reloaded windows XP on their computer from
their CD and got hacked with a trojan before they could even
download the patches. Last summer I got a new laptop with XP home
and connected it to the net to download some programs. I picked
up a trojan within an hour just using the unpatched IE for
brousing. Without the security patches you can be hacked within
minutes.