[TriLUG] Strange domains in my httpd logs
Brian Henning
brian at strutmasters.com
Mon Oct 16 10:49:44 EDT 2006
Hi Folks,
I understand in principle why I might see
GET http://somedomain.thatIdonothost.com/blah [...] 404
in my apache logs (GET body is independent of the TCP connection; I can
theoretically ask any server for any document; it just helps to ask the
one that has the document I want...), but it seems odd that anyone would
do that on purpose. Short of DNS poisoning somewhere, I can only
conceive that maybe it's some vulnerability that some bot is scanning me
for. In particular, I've seen these two start popping up with
regularity in the past few days:
POST http://tcontent.quickbooks.com/PingCompanyRq HTTP/1.0 with response
code(s) 4 404 responses
GET http://crl.verisign.com/Class3SoftwarePublishers.crl HTTP/1.1 with
response code(s) 8 404 responses
I did a bit of googling on the first one (yes Mr. Google Trademark Guy,
I mean "using Google specifically") and didn't come up with anything
that seemed very related or offered any explanations.
Do those particular URLs look familiar to anyone? Am I being probed for
something that I need to take action to protect?
Thanks a ton,
~Brian
--
----------------
Brian A. Henning
strutmasters.com
336.597.2397x238
----------------
More information about the TriLUG
mailing list