scanning from a webserveR?

To: <debian-user@lists.debian.org>
Subject: scanning from a webserveR?
From: "Marc-Adrian Napoli" <marcadrian@cia.com.au>
Date: Wed, 15 Mar 2000 15:14:25 +1100
Message-id: <[🔎] 010101bf8e34$f2c7fee0$24db3fcb@cia.com.au>
References: <[🔎] ENBLNHIAFLCMFCAA@my-deja.com> <[🔎] Pine.LNX.4.21.0003132305320.4368-100000@Scorpio> <[🔎] 14543.704.954303.632077@vaio.occamsrazor.net> <[🔎] 20000314221236.B28145@anomie.ods.org>

Hi all,

we run a webserver here that has over 1000 webhosts. we have about 30 users
with telnet access and all of our customers have cgi access.

now, we have received a report of someone using our webserver to port scan
another machine starting on port 4000 and decreasing one port at a time..

how on earth could i start to look for something like this? it could have
been done through the web or through a users telnet session, and been done
with a file named anything...

anyone have any ideas how to chase something like this down?

Regards,

Marc-Adrian Napoli
Connect Infobahn Australia
+61 2 92811750

Reply to:

References:
- Rebuilding Kernel
  - From: " Shane " <shane6118@my-Deja.com>
- Re: Rebuilding Kernel
  - From: Andrei Ivanov <scorpio@arshes.dyndns.org>
- Re: Rebuilding Kernel
  - From: "Neil L. Roeth" <neil@occamsrazor.net>
- Re: Rebuilding Kernel
  - From: Brad <lists@anomie.ods.org>

Prev by Date: Re: OT: export regs Re: 128 bit Netscape and Fortify
Next by Date: Re: home network: will bo play with potato?
Previous by thread: Re: Rebuilding Kernel
Next by thread: Re: Rebuilding Kernel
Index(es):
- Date
- Thread