On Wed, 08 Dec 1999 10:00:30 +0100, Heiko Degenhardt wrote:

Hallo all!

My web server was probed on ports 80, 8080 and 3128 (all ports for http/proxies, afaik).

The source issued the following command (broken to fit in the Mail): "GET http://www.rusftpsearch.net/cgi-bin/pst.pl?pstmode=writeip&psthost=195.37.62.127&pstport=80".

Can someone please point me to some information for that probe? What were they doing? Has somebody seen the same probe? Does somebody know the server www.rusftpsearch.net (I can't find some information for it).

Post the source adress from whichthe request came... this is what whoius knows about rusftpsearch.net: aragorn:~ # whois -h whois.networksolutions.com rusftpsearch.net The Data in Network Solutions' WHOIS database is provided by Network Solutions for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Network Solutions does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to Network Solutions (or its systems). Network Solutions reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. Registrant: EA CO. (RUSFTPSEARCH-DOM) BARLACHSTRASSE 16 BAVARIA, INGOLSTADT 85053 DE Domain Name: RUSFTPSEARCH.NET Administrative Contact, Technical Contact, Zone Contact: Hertziger, Brian (SNX5) SAN@ID.RU 1-414-329-8511 Billing Contact: Hertziger, Brian (SNX5) SAN@ID.RU 1-414-329-8511 Record last updated on 27-Oct-1999. Record created on 05-Aug-1999. Database last updated on 7-Dec-1999 16:53:53 EST. Domain servers in listed order: NS1.BLUEGRAVITY.COM 207.254.128.2 NS2.BLUEGRAVITY.COM 207.254.128.3 -- eregion.de -- administrative account