From owner-freebsd-security Mon Feb 1 22:55:34 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA21992 for freebsd-security-outgoing; Mon, 1 Feb 1999 22:55:34 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from mta2-rme.xtra.co.nz (mta.xtra.co.nz [203.96.92.3]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA21987 for ; Mon, 1 Feb 1999 22:55:31 -0800 (PST) (envelope-from junkmale@pop3.xtra.co.nz) Received: from wocker ([210.55.210.87]) by mta2-rme.xtra.co.nz (InterMail v04.00.02.07 201-227-108) with SMTP id <19990202065625.CSGF678125.mta2-rme@wocker>; Tue, 2 Feb 1999 19:56:25 +1300 From: "Dan Langille" Organization: The FreeBSD Diary To: Mike Holling Date: Tue, 2 Feb 1999 19:55:28 +1300 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: what were these probes? Reply-to: junkmale@xtra.co.nz CC: freebsd-security@FreeBSD.ORG References: <19990202055804.YRQY682101.mta1-rme@wocker> In-reply-to: X-mailer: Pegasus Mail for Win32 (v3.01d) Message-Id: <19990202065625.CSGF678125.mta2-rme@wocker> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 1 Feb 99, at 22:28, Mike Holling wrote: > > Tonight I found these entries in my log files. What were they looking > > for? Was this a spammer looking for exploits? > > My offhand guess is that this was indeed some kind of automated script > looking for a set of known security holes. Looks that way to me too. Messages I've received off list seem to indicate that the http probes were well known exploits. And they all failed. It seems that the security in place has done it's job. cheers. -- Dan Langille The FreeBSD Diary http://www.FreeBSDDiary.com/freebsd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message