scanning from a webserveR?
Hi all,
we run a webserver here that has over 1000 webhosts. we have about 30 users
with telnet access and all of our customers have cgi access.
now, we have received a report of someone using our webserver to port scan
another machine starting on port 4000 and decreasing one port at a time..
how on earth could i start to look for something like this? it could have
been done through the web or through a users telnet session, and been done
with a file named anything...
anyone have any ideas how to chase something like this down?
Regards,
Marc-Adrian Napoli
Connect Infobahn Australia
+61 2 92811750
Reply to: