-- Original message --
From: Ben Scott [EMAIL PROTECTED]
Anyone know of a good way to look up these kinds of things? That is
to say, when one sees what is apparently a probe or attack, is there
some website of signatures somewhere that one could check
On 8/3/07, Lloyd Kvam [EMAIL PROTECTED] wrote:
I assume this was an attempt to use my web server as a client proxy to
reach a different site.
Or perhaps a probe for some known vulnerability in that PHP script,
whatever it is.
Either way, Googling for proxygrade.php seems to indicate it's a
222.185.109.136 - - [02/Aug/2007:05:46:07 -0400] GET http://207.150.184.73/proxygrade.php?hash=E54B5A88967F08F244A2DA1B00506714C03DEC23EC07 HTTP/1.1 404 291 - Mozilla/4.0 (compatible; MSIE 6.01; Windows NT 5.0)
136.109.185.222.in-addr.arpa domain name pointer
On Aug 3, 2007, at 09:25, Ben Scott wrote:
That is
to say, when one sees what is apparently a probe or attack, is there
some website of signatures somewhere that one could check against,
and/or report possible new ones?
And, at some reasonable threshold, automatically add an IPTables