Weird Entry in Log file

 
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
timshepard
Guest





PostPosted: Wed Jul 17, 2002 8:53 pm    Post subject: Weird Entry in Log file Reply with quote

:!:
Hi, I installed Abyss on my DSL/ ICS Networks Gateway computer 4 days ago and I think it's great!

Checking the log files, though I see a troubling entry. Along with scads of Nimda virus probes (all failing) I get the following:
212.47.206.164 - - [17/Jul/2002:06:45:49 +1133] "GET http://www.yahoo.com/ HTTP/1.1" 200 702 "" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"

I don't know who this IP is, but it looks to me like his request may have been successful. Is it possible my system is exploitable as an anonymous proxy now?
Back to top
aprelium
-


Joined: 22 Mar 2002
Posts: 6800

PostPosted: Thu Jul 18, 2002 12:05 am    Post subject: Re: Weird Entry in Log file Reply with quote

timshepard wrote:
:!:
Checking the log files, though I see a troubling entry. Along with scads of Nimda virus probes (all failing) I get the following:
212.47.206.164 - - [17/Jul/2002:06:45:49 +1133] "GET http://www.yahoo.com/ HTTP/1.1" 200 702 "" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"

I don't know who this IP is, but it looks to me like his request may have been successful. Is it possible my system is exploitable as an anonymous proxy now?

The web server does not operate as a tunnel or as a proxy.
The request was successful because the server ignored the http://www.yahoo.com part of the URL and acted only as if the request was GET / . So the "hacker" who issued that request has got your / page in response (you can check that this pages size is 702).
As a conclusion, nothing unsecure occured :D
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Send e-mail
timshepard
Guest





PostPosted: Thu Jul 18, 2002 8:33 pm    Post subject: Thanks Reply with quote

Thanks for the info.
I'm getting an awful lot of these requests, trying to access various illicit sites over and over again. Can anyone tell me what these people are trying to do?
Back to top
feamsr00
-


Joined: 04 Jun 2002
Posts: 138
Location: Phila PA

PostPosted: Mon Jul 22, 2002 7:01 pm    Post subject: Reply with quote

Trace thier IPs and call thier ISPs! Especially if you see a IP that keeps reapearing.
Back to top View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
POMP
-


Joined: 04 Apr 2002
Posts: 15
Location: Houston, TX

PostPosted: Tue Jul 23, 2002 7:06 pm    Post subject: Trace IP Addresses Reply with quote

This site is kind of cool for tracing IP addresses:
http://www.networldmap.com/TryIt.htm
Back to top View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
Guest






PostPosted: Mon Jul 29, 2002 2:03 am    Post subject: Reply with quote

I would also suggest Neotrace from Neoworx, a very cool graphic tracer.
Back to top
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group