I would try using netcat http://www.atstake.com/research/tools/network_utilities/ instead of telnet. Many versions of telnet try to send a userid as part of the connection and I think that is why you are getting the "400 Bad Request" initially.
A request to try:
OPTIONS * HTTP/1.1 Host: host.foobar.com
This will generally spill the beans.
On Tuesday, July 8, 2003, at 11:45 AM, "" <[EMAIL PROTECTED]> wrote:
All,
I have found a web server that I cannot identify. It is listening on port
5050. When I telnet to it I get:
telnet host.foobar.com 5050 Trying 10.10.10.10... Connected to host.foobar.com. Escape character is '^]'.
HTTP/1.1 400 Bad Request Date: Tue, 8 July 2003 14:59:05 Server: Web/R5_2_2
400 Bad Request Connection closed by foreign host.
If I try to browse to it I am prompted for a username / password. After
entering the wrong password I get the ususal 401 unauthorized. The default
page is layout.html
Any help would be appreciated.
--Chris
----------------------------------------------------------------------- ----
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.
Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------- -----
--- Bill Pennington, CISSP, CCNA Chief Technology Officer WhiteHat Security Inc. http://www.whitehatsec.com
---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.
Visit Tenable Network Security at http://www.tenablesecurity.com to learn more.
----------------------------------------------------------------------------
