View previous topic :: View next topic |
Author |
Message |
timshepard Guest
|
Posted: Wed Jul 17, 2002 8:53 pm Post subject: Weird Entry in Log file |
|
|
:!:
Hi, I installed Abyss on my DSL/ ICS Networks Gateway computer 4 days ago and I think it's great!
Checking the log files, though I see a troubling entry. Along with scads of Nimda virus probes (all failing) I get the following:
212.47.206.164 - - [17/Jul/2002:06:45:49 +1133] "GET http://www.yahoo.com/ HTTP/1.1" 200 702 "" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
I don't know who this IP is, but it looks to me like his request may have been successful. Is it possible my system is exploitable as an anonymous proxy now? |
|
Back to top |
|
|
aprelium -
Joined: 22 Mar 2002 Posts: 6800
|
Posted: Thu Jul 18, 2002 12:05 am Post subject: Re: Weird Entry in Log file |
|
|
timshepard wrote: | :!:
Checking the log files, though I see a troubling entry. Along with scads of Nimda virus probes (all failing) I get the following:
212.47.206.164 - - [17/Jul/2002:06:45:49 +1133] "GET http://www.yahoo.com/ HTTP/1.1" 200 702 "" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
I don't know who this IP is, but it looks to me like his request may have been successful. Is it possible my system is exploitable as an anonymous proxy now? |
The web server does not operate as a tunnel or as a proxy.
The request was successful because the server ignored the http://www.yahoo.com part of the URL and acted only as if the request was GET / . So the "hacker" who issued that request has got your / page in response (you can check that this pages size is 702).
As a conclusion, nothing unsecure occured :D _________________ Support Team
Aprelium - http://www.aprelium.com |
|
Back to top |
|
|
timshepard Guest
|
Posted: Thu Jul 18, 2002 8:33 pm Post subject: Thanks |
|
|
Thanks for the info.
I'm getting an awful lot of these requests, trying to access various illicit sites over and over again. Can anyone tell me what these people are trying to do? |
|
Back to top |
|
|
feamsr00 -
Joined: 04 Jun 2002 Posts: 138 Location: Phila PA
|
Posted: Mon Jul 22, 2002 7:01 pm Post subject: |
|
|
Trace thier IPs and call thier ISPs! Especially if you see a IP that keeps reapearing. |
|
Back to top |
|
|
POMP -
Joined: 04 Apr 2002 Posts: 15 Location: Houston, TX
|
|
Back to top |
|
|
Guest
|
Posted: Mon Jul 29, 2002 2:03 am Post subject: |
|
|
I would also suggest Neotrace from Neoworx, a very cool graphic tracer. |
|
Back to top |
|
|
|