Date: Wed, 3 Feb 1999 17:25:25 +1300 From: "Dan Langille" <junkmale@xtra.co.nz> To: James Wyatt <jwyatt@RWSystems.net> Cc: Mike Holling <myke@ees.com>, freebsd-security@FreeBSD.ORG Subject: Re: what were these probes? Message-ID: <19990203042530.GQPY682101.mta1-rme@wocker> In-Reply-To: <Pine.BSF.4.05.9902021409070.13018-100000@kasie.rwsystems.net> References: <19990202065625.CSGF678125.mta2-rme@wocker>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2 Feb 99, at 15:56, James Wyatt wrote:
> On Tue, 2 Feb 1999, Dan Langille wrote:
> > On 1 Feb 99, at 22:28, Mike Holling wrote:
> > > > Tonight I found these entries in my log files. What were they looking
> > > > for? Was this a spammer looking for exploits?
> > > My offhand guess is that this was indeed some kind of automated script
> > > looking for a set of known security holes.
> > Looks that way to me too. Messages I've received off list seem to
> > indicate that the http probes were well known exploits. And they all
> > failed. It seems that the security in place has done it's job.
>
> Notice that they are coming from a hostname beginning ns.*.com. Looks
> like someone's nameserver wasn't as lucky as your webserver... 8{(
>
FWIW, they appear to be online again.
--
Dan Langille
The FreeBSD Diary
http://www.FreeBSDDiary.com/freebsd
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990203042530.GQPY682101.mta1-rme>