Security Incidents mailing list archives

RE: Cobalt Scan


From: Jeroen Wesbeek <duh () DoWebWeDo com>
Date: Fri, 27 Jul 2001 09:55:46 +0200

Hi there,

After I read this mail I checked our logs and the same thing popped up there:

access_log:195.92.95.61 - - [25/May/2001:19:35:34 +0200] "HEAD /cobalt-images/welcome2.gif HTTP/1.0" 404 0
access_log:195.92.95.61 - - [24/Jun/2001:03:50:57 +0200] "GET /cobalt-images/welcome2.gif HTTP/1.0" 404 291
error_log:[Fri May 25 19:35:34 2001] [error] [client 195.92.95.61] File does not exist: /to/vhost/cobalt-images/welcome2.gif
error_log:[Sun Jun 24 03:50:57 2001] [error] [client 195.92.95.61] File does not exist: /to/vhost/cobalt-images/welcome2.gif

I noticed the IP address is (probably) the same and it reverses to:

Name:    ariston.netcraft.com
Address:  195.92.95.61

Apparently somebody just used netcraft to see more information about your
server :)
So no worries :)


dowebwedo
Jeroen Wesbeek
.programming
Nieuwekade 213 | 3511 RW Utrecht
The Netherlands
p 030 232 63 38 | f  030 234 26 16

[roses are red, violets are blue,
         I am schizophrenic and so am I ]


-----Original Message-----
From: Ryan W. Maple [mailto:ryan () guardiandigital com]
Sent: Thursday, 26 July 2001 19:04
To: incidents () securityfocus com
Subject: Cobalt Scan



I just got this in one of my access_log's today:

  195.92.95.XX - - [26/Jul/2001:10:25:57 -0400] "HEAD /cobalt-images/welcome2.gif HTTP/1.0" 404 0

It looks like a scan for a Cobalt box.  I don't have one but I haven't
seen this mentioned here before (probably part of some bigger kit I'd
assume).

Cheers,
Ryan

 +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+
   Ryan W. Maple          "I dunno, I dream in Perl sometimes..."  -LW
   Guardian Digital, Inc.                     ryan () guardiandigital com
 +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
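
The check described in the reply above (pull the requests for the probe path out of the access log, then see what the client IP reverses to), as an added example that is not part of the original thread. The sample holds the two access_log entries from the reply plus one constructed unrelated request; `probe_hits` and `confirmed_ptr` are hypothetical names, and the PTR name is accepted only when it resolves forward to the same address, because whoever owns an IP block controls its reverse records.

```python
import re
import socket
from collections import defaultdict

# Apache common log format, optionally prefixed by "file:" as grep prints it.
LOG_RE = re.compile(
    r'^(?:[\w./-]+:)?(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)
PROBE_PATH = "/cobalt-images/welcome2.gif"  # path quoted in the thread


def probe_hits(lines, path=PROBE_PATH):
    """Group requests for the probe path by client IP."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and m["path"] == path:
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)


def confirmed_ptr(ip, reverse=socket.gethostbyaddr,
                  forward=socket.gethostbyname_ex):
    """Return the PTR name for ip only if that name resolves back to ip."""
    try:
        name = reverse(ip)[0]
        return name if ip in forward(name)[2] else None
    except OSError:  # socket.herror and socket.gaierror are subclasses
        return None


# Two entries from the reply above; the last line is constructed.
SAMPLE = [
    'access_log:195.92.95.61 - - [25/May/2001:19:35:34 +0200] '
    '"HEAD /cobalt-images/welcome2.gif HTTP/1.0" 404 0',
    'access_log:195.92.95.61 - - [24/Jun/2001:03:50:57 +0200] '
    '"GET /cobalt-images/welcome2.gif HTTP/1.0" 404 291',
    '192.0.2.10 - - [24/Jun/2001:04:01:12 +0200] '
    '"GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for ip, reqs in probe_hits(SAMPLE).items():
        # Live DNS lookup; prints None when the PTR is missing or unconfirmed.
        print(ip, len(reqs), "probe request(s), PTR:", confirmed_ptr(ip))
```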


