On 8/23/07, Christopher Schultz [EMAIL PROTECTED] wrote:
Duncan,
Not to belabor this thread too much, but...
Lyallex wrote:
I never actually suggested [curl] was a
hacking tool
See the subject line.
Yes ... fair point :-}
Curl is a command line http client. It is available for almost all unix/linux
platforms.
It is easy to use in scripts to download stuff from http servers. It is not a
hacking tool.
You should look at what people are downloading/requesting with it.
Ronald.
On Thu Aug 23 09:25:51 CEST 2007
From: Lyallex [mailto:[EMAIL PROTECTED]
curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.
I have been to http://curl.haxx.se/ and it seems to my (currently)
inexperienced eye
that this software _could_ be used to do all sorts of despicable
things to a web site.
Or it could be
Lyallex wrote:
This question concerns access to a running Tomcat instance by a
previously unseen/unknown user agent.
[...]
Is it a 'Tomcat' question ?... I'm not sure but here goes anyway.
No.
The following might be quite harmless but it would be nice to hear of
others exp' in this area
You should look at the client query, not agent to get an idea about
security. Curl client is not that uncommon. I use it (as long as wget,
depending on server) to download files from public server directly to my
own server. Example of use here are
- download a JVM from sun website (wget 'url' or
OK, that's all good advice ...
[EMAIL PROTECTED]:/usr/tomcat/logs$ cat access.log | grep curl
69.25.212.171 - - [22/Aug/2007:16:40:41 +0100] GET /favicon.ico
HTTP/1.1 200 2238 - curl/7.12.1 (i386-redhat-linux-gnu)
libcurl/7.12.1 OpenSSL/0.9.7a zlib/1.2.1.2 libidn/0.5.6
69.25.212.171 - -
www.who.is
Much more info
...tracking the perpetrator down now ... this is fun.
On 8/23/07, Lyallex [EMAIL PROTECTED] wrote:
OK, that's all good advice ...
[EMAIL PROTECTED]:/usr/tomcat/logs$ cat access.log | grep curl
69.25.212.171 - - [22/Aug/2007:16:40:41 +0100] GET /favicon.ico
Once you find them, you might be hard pressed to actually do anything
about it beyond getting in touch with their ISP.
It might be easier to just block them at the firewall or on the server
tomcat runs on with something like iptables.
Mark
On 8/23/07, Lyallex [EMAIL PROTECTED] wrote:
On 8/23/07, Lyallex [EMAIL PROTECTED] wrote:
On 8/23/07, Lyallex [EMAIL PROTECTED] wrote:
So, looking for favicon.ico and doing a HEAD on my entry page, doesn't
look too suspicious I guess.
...tracking the perpetrator down now ... this is fun.
While the exercise may be fun, you are most
Just to nip this one early before the discussion strays too far, curl is
NOT a hacking tool. It's just a command line http client useful in all
sorts of linux/unix OS scripts.
To determine if it's being used to probe your site, you need to pay
attention to WHAT is being requested. The brief
On 8/23/07, David Smith [EMAIL PROTECTED] wrote:
Just to nip this one early before the discussion strays too far, curl is
NOT a hacking tool. It's just a command line http client useful in all
sorts of linux/unix OS scripts.
Yep, I understand what curl is now ... spent some time on the
Sorry, I wasn't after you. I was just trying to catch a discussion that
could easily lose sight of the original question.
For the benefit of people on the list, curl can be used for good purposes
like downloading packages, a test of server status (e.g. in heart beat
script activating a backup
On 8/23/07, Lyallex [EMAIL PROTECTED] wrote:
Although ... depending on what you consider hacking it certainly seems
like it could easily be used to run a crude DOS attack (for example)
simply by writing a shell script with a loop in it, like many other
otherwise benign applications out there
Duncan,
Not to belabor this thread too much, but...
Lyallex wrote:
I never actually suggested [curl] was a
hacking tool
See the subject line.
Although ... depending on what you consider hacking it certainly seems
like it could easily be used