Thanks.. My guess is this is to check whether a webserver is WebDAV enabled and exploitable?
Rick Monday, June 16, 2003, 10:49:54 PM, you wrote: BV> Someone is testing your site to see if the web server software supports BV> CONNECT tunneling. If it's not supported it will return an error, which BV> is why a fake IP address such as 1.3.3.7 can be supplied. BV> ------ BV> Ben Vaughn BV> Security Analyst BV> Blackbird Technologies BV> 703-796-1438 W / 703-582-4551 C BV> [EMAIL PROTECTED] BV> ------ BV> -----Original Message----- BV> From: Randy M. Nash [mailto:[EMAIL PROTECTED] BV> Sent: Monday, June 16, 2003 1:07 PM BV> To: Rick Hoekman; [EMAIL PROTECTED] BV> Subject: Re: Strange log entry BV> Hmm... 1.3.3.7. I haven't seen it, but it's BV> obviously haxor-speak for 'lite. BV> Probe? Trojan? Thoughts? BV> Randy BV> --- Rick Hoekman <[EMAIL PROTECTED]> wrote: >> Might be offtopic but anyone seen this line in >> webserver logs >> and knows what it is? >> >> 192.168.1.1 - - [16/Jun/2003:17:33:50 +0200] >> "CONNECT 1.3.3.7:1337 HTTP/1.0" 405 230 "-" "-" >> >> Rick >> BV> ===== BV> Randy M. Nash BV> @RISK Online BV> http://www.atriskonline.com BV> __________________________________ BV> Do you Yahoo!? BV> SBC Yahoo! DSL - Now only $29.95 per month! BV> http://sbc.yahoo.com
