Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: strange HTTP scan/attack?
From: Bryan Andersen <bryan () visi com>
Date: Tue, 28 Nov 2000 18:30:22 -0600
Jim Bacon wrote:


I am seeing someone repeating hitting a CGI script with a HEAD request and
then submitting a query of the form:

[snip]

Can anyone offer any clues tp what this is and what I can do about it?  It
appears to be originating from a UUnet dialup in the UK, so any complaints
to a live human are impossible and email complaints just an excercise in my
typing practice.


First: Block the host IP or netblock at your firewall if possible.
       If you don't have that control, go into your web server and
       use it's access controls to lockout that host.  For Apache
       it would look something like this:
            <Location /cgi-bin>
               Order deny,allow
               Deny from hostname.or.IP.number.of.offender
               Allow from all
            </Location>
        This would go along with statements like it in the config file.
        You will need to restart Apache, but you can use the gracefull
        option.

Second: Still send that email to uunet about the abuse, they need to
know.


--
|  Bryan Andersen   |   bryan () visi com   |   http://softail.visi.com   |
| Buzzwords are like annoying little flies that deserve to be swatted. |
|   -Bryan Andersen                                                    |

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]