On Mon, 26 Mar 2001, Dave Fitch wrote:
> Why do every so often I get bits like:
>
> adlax3-110.dialup.optusnet.com.au - - [25/Mar/2001:22:15:56 +1000] "GET
>http://www.yahoo.com/ HTTP/1.1" 403 218
>
> in my apache access.log?
>
> It's out of the blue, that person hasn't been looking at my
> website or anything they just appear to be requesting my
> apache to get that yahoo url. Why?
Just a guess, but maybe someone is looking for open web proxies so they can
launch a Distributed Denial Of Service attack against a web site. At the last
place I worked, the M$ Proxy Server ran on port 80, just like a normal web
server. Maybe other products (which tend to be admin'd by MCSE monkeys and the
like) also put up a web proxy-like service on port 80. Winproxy perhaps? I heard
that product had/has a stupid default password and lots of skript kiddies were
finding cable modem users (using winproxy) easy hosts for their DDoS
attacks. You wouldn't happen to be on a cable modem or ADSL connection would
you?
Just a thought....
--
8<--------8<--------8<--------8<--------8<--------8<--------8<--------
Ian Tester *8)# \7\ LINUX: because geeks will find a way
[EMAIL PROTECTED] \7\ http://www.zipworld.com.au/~imroy
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
