Security Incidents: Re: Unusual entry in Apache logs

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Unusual entry in Apache logs

From: Rob Thomas <robt () cymru com>
Date: Fri, 30 May 2008 13:59:35 -0500

Hi, Neil.

125.224.192.192 - - [29/May/2008:09:15:34 -0500] "\x05\x01" 501 3100 "-" "-"

This IP has been sending spam since at least 2008-04-24 15:34:38 UTC.It's also been scanning for the typical proxy ports lately (mostrecently 2008-05-29 02:34:16 UTC), e.g. TCP 8080, TCP 3128, TCP 1080,and TCP 80. I suspect this is what it was doing when it visited yourserver. Possibly it's a bot.


Thanks,
Rob.
--
Rob Thomas
Team Cymru
The WHO and WHY team
http://www.team-cymru.org/

By Date By Thread

Current thread:

Unusual entry in Apache logs Neil Dickey (May 29)
- Re: Unusual entry in Apache logs Jonathan Adams (May 30)
  - Re: Unusual entry in Apache logs Jonathan Adams (May 30)
- Re: Unusual entry in Apache logs Kosala Atapattu (May 30)
- Re: Unusual entry in Apache logs Rob Thomas (May 30)
  - Re: Unusual entry in Apache logs Kevin Day (May 30)
- <Possible follow-ups>
- Re: Unusual entry in Apache logs krymson (May 30)
- Re: Unusual entry in Apache logs Neil Dickey (May 30)