Knowledgebase

Knowledgebase

Portal Home > Knowledgebase > Articles Database > w00tw00t


w00tw00t




Posted by mixmox, 08-01-2009, 05:44 AM
82.152.231.210 - - [30/Jul/2009:00:12:49 -0700] "GET /w00tw00t.at.ISC.SANS.DFind: ) HTTP/1.1" 400 460 82.152.231.210 - - [30/Jul/2009:00:12:49 -0700] "GET /w00tw00t.at.ISC.SANS.DFind: ) HTTP/1.1" 400 460 122.212.152.212 - - [30/Jul/2009:05:17:59 -0700] "GET /w00tw00t.at.ISC.SANS.DFind: ) HTTP/1.1" 400 460 122.212.152.212 - - [30/Jul/2009:05:17:59 -0700] "GET /w00tw00t.at.ISC.SANS.DFind: ) HTTP/1.1" 400 460 86.57.250.109 - - [31/Jul/2009:11:54:50 -0700] "GET /w00tw00t.at.ISC.SANS.DFind: ) HTTP/1.1" 400 578 86.57.250.109 - - [31/Jul/2009:11:54:50 -0700] "GET /w00tw00t.at.ISC.SANS.DFind: ) HTTP/1.1" 400 578
Posted by bear, 08-01-2009, 06:18 AM
And your question is?
Posted by eth00, 08-01-2009, 07:56 AM
Did you try googling that? It is not exactly an uncommon thing to have appear in weblogs...
Posted by mixmox, 08-01-2009, 08:15 AM
sorry, my browser was crash and i cant edit my post,. this is my httpd log file. this is a ddos to0l. i mean w00tw00t / how can i protect my server from this attack ?
Posted by khunj, 08-01-2009, 09:40 AM
It's not aDDoS tool, it's a web banner scanner. Unless you have an old IIS 5 server which hasn't been updated/patched for the last 10 years you don't need to worry about it.
Posted by mixmox, 08-01-2009, 11:55 AM
so why some one use it?
Posted by Beast5, 08-01-2009, 12:35 PM
welcome to the internet, its a PORT 80 scan - you can ignore it.
Posted by mixmox, 08-01-2009, 02:00 PM
and is it safe ? i mean this scan. whay some one scan my port? how can i ignore it ?
Posted by khunj, 08-01-2009, 02:02 PM
Some script-kiddies think they can hack a Linux server using old MS WebDav/NetBios vulnerabilities.
Posted by Beast5, 08-01-2009, 02:59 PM
what are you talking about? Linux Server > Netbios ? its DFIND scanner, on port 80 , not netbios port. OP: Its a random port scan by some kid/bot, you can ignore it. Just keep your server up to date and apply all needed security settings / patches for all your software. keep a good password policy - and you should be safe.
Posted by khunj, 08-01-2009, 05:05 PM
It's a NetBios/Webdav vulnerabily scanner. The w00tw00t scan on port 80 is just a harmless HTTP banner scan to get the webserver name as it is looking for IIS servers. It can look for open proxies too, but in that case the request is different (POST request to googlesyndication.com).


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
rsync password (Views: 580)
HostSupreme.co.uk - Anyone had any experiance? (Views: 564)
my code is stolen (Views: 587)
CentOS 5.3,vsftpd, high iowait, high LOAD :( (Views: 572)
bash shell script for ioping disk I/O tests (Views: 587)


Language:

Contact us

Copyright © 2018 DC International LLC. - All Rights Reserved.