TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
>what appears to be newly deployed Apache web servers (Test
>Page for Red Hat Linux's Apache Installation.) There
>doesn't seem to be any malicious intent
>behind these scans. Each time I get the scan it will go
>through all of the class C addresses that we own.
The fact that it runs through your entire Class C makes me very suspicious
that someone is "doorknob rattling" your site. I know of no reason why an
Apache server would do anything of the sort.
The fact that you get an Apache test page when you hit the IP back with your
browser merely means that the source system is an "out of the box" install
of some OS (such as Linux or BSD) that bundles Apache. It doesn't mean that
system is in any way intended to be a web server.
It sounds to me like some script kiddies are scanning you from their
out-of-the-box install of Linux, or someone more experienced has compromised
a system elsewhere and is using it to scan you.
=====================================
Tim Farley
X-Force Researcher
Internet Security Systems
[EMAIL PROTECTED]
(678) 443-6000 / Direct Dial (678) 443-6189 / fax (678) 443-6498
http://www.iss.net
Internet Security Systems - The Power to Protect
=====================================
