From owner-freebsd-security Tue Feb 2 14:05:43 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA12440 for freebsd-security-outgoing; Tue, 2 Feb 1999 14:05:43 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from host07.rwsystems.net (kasie.rwsystems.net [209.197.192.103]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA12424 for ; Tue, 2 Feb 1999 14:05:35 -0800 (PST) (envelope-from jwyatt@RWSystems.net) Received: from kasie.rwsystems.net([209.197.192.103]) (1307 bytes) by host07.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Tue, 2 Feb 1999 15:56:39 -0600 (CST) (Smail-3.2.0.104 1998-Nov-20 #1 built 1998-Dec-24) Date: Tue, 2 Feb 1999 15:56:37 -0600 (CST) From: James Wyatt To: Dan Langille cc: Mike Holling , freebsd-security@FreeBSD.ORG Subject: Re: what were these probes? In-Reply-To: <19990202065625.CSGF678125.mta2-rme@wocker> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 2 Feb 1999, Dan Langille wrote: > On 1 Feb 99, at 22:28, Mike Holling wrote: > > > Tonight I found these entries in my log files. What were they looking > > > for? Was this a spammer looking for exploits? > > My offhand guess is that this was indeed some kind of automated script > > looking for a set of known security holes. > Looks that way to me too. Messages I've received off list seem to > indicate that the http probes were well known exploits. And they all > failed. It seems that the security in place has done it's job. Notice that they are coming from a hostname beginning ns.*.com. Looks like someone's nameserver wasn't as lucky as your webserver... 8{( To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message