Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents: Re: Unusual entry in Apache logs

Re: Unusual entry in Apache logs

From: Rob Thomas <robt_at_cymru.com>
Date: Fri, 30 May 2008 13:59:35 -0500

Hi, Neil.

> 125.224.192.192 - - [29/May/2008:09:15:34 -0500] "\x05\x01" 501 3100 "-" "-"

This IP has been sending spam since at least 2008-04-24 15:34:38 UTC.
It's also been scanning for the typical proxy ports lately (most
recently 2008-05-29 02:34:16 UTC), e.g. TCP 8080, TCP 3128, TCP 1080,
and TCP 80. I suspect this is what it was doing when it visited your
server. Possibly it's a bot.

Thanks,
Rob.

-- 
Rob Thomas
Team Cymru
The WHO and WHY team
http://www.team-cymru.org/

Received on May 30 2008

This message: [ Message body ]
Next message: Kevin Day: "Re: Unusual entry in Apache logs"
Previous message: Kosala Atapattu: "Re: Unusual entry in Apache logs"
In reply to: Neil Dickey: "Unusual entry in Apache logs"
Next in thread: Kevin Day: "Re: Unusual entry in Apache logs"
Reply: Kevin Day: "Re: Unusual entry in Apache logs"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]