Lots of replies, but who has the link or source with proof for this code? --- Rick Hoekman <[EMAIL PROTECTED]> wrote: > Thanks.. My guess is this is to check whether a > webserver is WebDAV > enabled and exploitable? > > Rick > > > Monday, June 16, 2003, 10:49:54 PM, you wrote: > > BV> Someone is testing your site to see if the web > server software supports > BV> CONNECT tunneling. If it's not supported it > will return an error, which > BV> is why a fake IP address such as 1.3.3.7 can be > supplied. > > BV> ------ > BV> Ben Vaughn > BV> Security Analyst > BV> Blackbird Technologies > BV> 703-796-1438 W / 703-582-4551 C > BV> [EMAIL PROTECTED] > BV> ------ > > > BV> -----Original Message----- > BV> From: Randy M. Nash > [mailto:[EMAIL PROTECTED] > BV> Sent: Monday, June 16, 2003 1:07 PM > BV> To: Rick Hoekman; [EMAIL PROTECTED] > BV> Subject: Re: Strange log entry > > > BV> Hmm... 1.3.3.7. I haven't seen it, but it's > BV> obviously haxor-speak for 'lite. > > BV> Probe? Trojan? Thoughts? > > BV> Randy > BV> --- Rick Hoekman <[EMAIL PROTECTED]> wrote: > >> Might be offtopic but anyone seen this line in > >> webserver logs > >> and knows what it is? > >> > >> 192.168.1.1 - - [16/Jun/2003:17:33:50 +0200] > >> "CONNECT 1.3.3.7:1337 HTTP/1.0" 405 230 "-" "-" > >> > >> Rick > >> > > > BV> ===== > BV> Randy M. Nash > BV> @RISK Online > BV> http://www.atriskonline.com > > BV> __________________________________ > BV> Do you Yahoo!? > BV> SBC Yahoo! DSL - Now only $29.95 per month! > BV> http://sbc.yahoo.com >
===== Randy M. Nash @RISK Online http://www.atriskonline.com __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com
