Portal Home > Knowledgebase > Articles Database > w00tw00t
w00tw00t
Posted by mixmox, 08-01-2009, 05:44 AM |
82.152.231.210 - - [30/Jul/2009:00:12:49 -0700] "GET /w00tw00t.at.ISC.SANS.DFind: ) HTTP/1.1" 400 460
82.152.231.210 - - [30/Jul/2009:00:12:49 -0700] "GET /w00tw00t.at.ISC.SANS.DFind: ) HTTP/1.1" 400 460
122.212.152.212 - - [30/Jul/2009:05:17:59 -0700] "GET /w00tw00t.at.ISC.SANS.DFind: ) HTTP/1.1" 400 460
122.212.152.212 - - [30/Jul/2009:05:17:59 -0700] "GET /w00tw00t.at.ISC.SANS.DFind: ) HTTP/1.1" 400 460
86.57.250.109 - - [31/Jul/2009:11:54:50 -0700] "GET /w00tw00t.at.ISC.SANS.DFind: ) HTTP/1.1" 400 578
86.57.250.109 - - [31/Jul/2009:11:54:50 -0700] "GET /w00tw00t.at.ISC.SANS.DFind: ) HTTP/1.1" 400 578
|
Posted by bear, 08-01-2009, 06:18 AM |
And your question is?
|
Posted by eth00, 08-01-2009, 07:56 AM |
Did you try googling that? It is not exactly an uncommon thing to have appear in weblogs...
|
Posted by mixmox, 08-01-2009, 08:15 AM |
sorry, my browser was crash and i cant edit my post,. this is my httpd log file.
this is a ddos to0l. i mean w00tw00t /
how can i protect my server from this attack ?
|
Posted by khunj, 08-01-2009, 09:40 AM |
It's not aDDoS tool, it's a web banner scanner. Unless you have an old IIS 5 server which hasn't been updated/patched for the last 10 years you don't need to worry about it.
|
Posted by mixmox, 08-01-2009, 11:55 AM |
so why some one use it?
|
Posted by Beast5, 08-01-2009, 12:35 PM |
welcome to the internet, its a PORT 80 scan - you can ignore it.
|
Posted by mixmox, 08-01-2009, 02:00 PM |
and is it safe ?
i mean this scan. whay some one scan my port?
how can i ignore it ?
|
Posted by khunj, 08-01-2009, 02:02 PM |
Some script-kiddies think they can hack a Linux server using old MS WebDav/NetBios vulnerabilities.
|
Posted by Beast5, 08-01-2009, 02:59 PM |
what are you talking about?
Linux Server > Netbios ?
its DFIND scanner, on port 80 , not netbios port.
OP: Its a random port scan by some kid/bot, you can ignore it.
Just keep your server up to date and apply all needed security settings / patches for all your software.
keep a good password policy - and you should be safe.
|
Posted by khunj, 08-01-2009, 05:05 PM |
It's a NetBios/Webdav vulnerabily scanner. The w00tw00t scan on port 80 is just a harmless HTTP banner scan to get the webserver name as it is looking for IIS servers.
It can look for open proxies too, but in that case the request is different (POST request to googlesyndication.com).
|
Add to Favourites Print this Article
Also Read