RE: Odd logs

["Hans Brederode" <hans () guardianangel nl>]

In Scott's defense, I don't think that a special someone is pulling his
chain, 'cause I'm also seeing quite a lot of HTTP CONNECT's to that same
address and port from all over the world.
So (although I know that it's 'leet') ... I am also curious about what they
are trying to achieve with this request.

Regards

Hans Brederode



-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Dave Killion
Sent: Wednesday, June 04, 2003 17:26
To: 'Scott M. Algatt'; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Odd logs


Just an observation, but 1337 is script-kiddie for "leet" = elite.  I
suspect someone's yanking your chain.

I hope this information is helpful,

Dave Killion
Senior Security Engineer
NetScreen Security Group, NetScreen Technologies, Inc.



-----Original Message-----
From: Scott M. Algatt [mailto:salgatt () turtleshell net]
Sent: Wednesday, June 04, 2003 6:57 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Odd logs


I wasn't sure if I could get any help on this one.  I saw an odd entry in
one of my web server log files:

GET ~1.3.3.7:1337

The server is an IIS 5.0 server.  The only thing that I locate concerning
that port is that it was for DirectTV Catalog?

Any help would be appreciated.


Regards,

Scott M. Algatt

Behold the turtle. He makes progress only when he sticks his neck out.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html