|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: faded (faded_at_911.net)
Date: Mon Jul 29 2002 - 14:45:40 CDT
Not only are they scanning for open web proxies, but they're scanning for
open web proxies that would allow mail relaying as the :25 shows.
You're probably seeing the result of a spammer in search of open relays
to abuse.
-Russell
At 02:34 PM 7/29/2002 -0400, you wrote:
>The most recent scan I observed added more ports (the 4480 and 6588 are new),
>and now the test pattern is a
> CONNECT ipaddress:25 HTTP/1.0
>where ipaddress is a different host than the scanner.
>
>Somebody is collecting web proxies. I am interested in hearing whether
>other sites are seeing this, or whether it's somebody uniquely focussed
>on my site.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]