Show Posts
1
Beta / Re: wrong ip in log
« on: November 10, 2010, 11:46:15 AM »
I am not using any proxies or tunnels for this service. I do have a VPN in and do use SSH tunnels in but not to this server or port.
normally I don't have services on the default ports so this is the first time in a long time I have had a HTTP service on port 80.
I have added more log info below (I have changed my Host:ip) you can also see that I did get atleast 2 real IP at the bottom. I think it some kind of worm/bot scanning around the web looking for an exploitable server. I have noticed that most of the requests that have an internal IP have the same user-agent(NoScripts). I don have Noscripts installed inside my network as I mostly use Chrome. I have also had 1308 hits in 3 days, for the public server that has the service hosted on port 88 using an older version of HFS it only gets about 5-10 hits perday and it shows real IPs .
> GET / HTTP/1.1
> Host: 110.175.x.x
> User-Agent: Mozilla/5.0 (ABE, http://noscript.net/abe/wan)
> Pragma: no-cache
> Cache-Control: no-cache
10/11/2010 8:27:01 PM 192.168.1.1:58815 Sent 1460 bytes
10/11/2010 8:27:01 PM 192.168.1.1:58815 Served 4.11 K
10/11/2010 8:52:01 PM 192.168.1.1:58856 Connected
10/11/2010 8:52:01 PM 192.168.1.1:58856 Got 143 bytes
10/11/2010 8:52:01 PM 192.168.1.1:58856 Requested GET /
10/11/2010 8:52:01 PM 192.168.1.1:58856 Request dump
> GET / HTTP/1.1
> Host: 110.175.x.x
> User-Agent: Mozilla/5.0 (ABE, http://noscript.net/abe/wan)
> Pragma: no-cache
> Cache-Control: no-cache
10/11/2010 8:52:01 PM 192.168.1.1:58856 Sent 1460 bytes
10/11/2010 8:52:01 PM 192.168.1.1:58856 Served 4.11 K
10/11/2010 9:17:01 PM 192.168.1.1:58883 Connected
10/11/2010 9:17:01 PM 192.168.1.1:58883 Got 143 bytes
10/11/2010 9:17:01 PM 192.168.1.1:58883 Requested GET /
10/11/2010 9:17:01 PM 192.168.1.1:58883 Request dump
> GET / HTTP/1.1
> Host: 110.175.x.x
> User-Agent: Mozilla/5.0 (ABE, http://noscript.net/abe/wan)
> Pragma: no-cache
> Cache-Control: no-cache
10/11/2010 9:17:01 PM 192.168.1.1:58883 Sent 1460 bytes
10/11/2010 9:17:01 PM 192.168.1.1:58883 Served 4.11 K
10/11/2010 9:18:00 PM 114.76.57.13:1748 Connected
10/11/2010 9:18:00 PM 114.76.57.13:1748 Got 59 bytes
10/11/2010 9:30:54 PM 122.179.24.86:2158 Connected
10/11/2010 9:30:54 PM 122.179.24.86:2158 Got 46 bytes
10/11/2010 9:31:03 PM 217.92.71.210:43372 Connected
10/11/2010 9:31:03 PM 217.92.71.210:43372 Got 50 bytes
10/11/2010 9:42:01 PM 192.168.1.1:59284 Connected
10/11/2010 9:42:01 PM 192.168.1.1:59284 Got 143 bytes
10/11/2010 9:42:01 PM 192.168.1.1:59284 Requested GET /
10/11/2010 9:42:01 PM 192.168.1.1:59284 Request dump
> GET / HTTP/1.1
> Host: 110.175.x.x
> User-Agent: Mozilla/5.0 (ABE, http://noscript.net/abe/wan)
> Pragma: no-cache
> Cache-Control: no-cache
10/11/2010 9:42:01 PM 192.168.1.1:59284 Sent 1460 bytes
10/11/2010 9:42:01 PM 192.168.1.1:59284 Served 4.11 K
10/11/2010 9:46:28 PM 217.208.158.15:49276 Connected
10/11/2010 9:46:28 PM 217.208.158.15:49276 Got 36 bytes
10/11/2010 10:01:55 PM 174.97.155.35:56228 Connected
10/11/2010 10:01:55 PM 174.97.155.35:56228 Got 33 bytes
10/11/2010 10:07:01 PM 192.168.1.1:59445 Connected
10/11/2010 10:07:01 PM 192.168.1.1:59445 Got 143 bytes
10/11/2010 10:07:01 PM 192.168.1.1:59445 Requested GET /
10/11/2010 10:07:01 PM 192.168.1.1:59445 Request dump
normally I don't have services on the default ports so this is the first time in a long time I have had a HTTP service on port 80.
I have added more log info below (I have changed my Host:ip) you can also see that I did get atleast 2 real IP at the bottom. I think it some kind of worm/bot scanning around the web looking for an exploitable server. I have noticed that most of the requests that have an internal IP have the same user-agent(NoScripts). I don have Noscripts installed inside my network as I mostly use Chrome. I have also had 1308 hits in 3 days, for the public server that has the service hosted on port 88 using an older version of HFS it only gets about 5-10 hits perday and it shows real IPs .
> GET / HTTP/1.1
> Host: 110.175.x.x
> User-Agent: Mozilla/5.0 (ABE, http://noscript.net/abe/wan)
> Pragma: no-cache
> Cache-Control: no-cache
10/11/2010 8:27:01 PM 192.168.1.1:58815 Sent 1460 bytes
10/11/2010 8:27:01 PM 192.168.1.1:58815 Served 4.11 K
10/11/2010 8:52:01 PM 192.168.1.1:58856 Connected
10/11/2010 8:52:01 PM 192.168.1.1:58856 Got 143 bytes
10/11/2010 8:52:01 PM 192.168.1.1:58856 Requested GET /
10/11/2010 8:52:01 PM 192.168.1.1:58856 Request dump
> GET / HTTP/1.1
> Host: 110.175.x.x
> User-Agent: Mozilla/5.0 (ABE, http://noscript.net/abe/wan)
> Pragma: no-cache
> Cache-Control: no-cache
10/11/2010 8:52:01 PM 192.168.1.1:58856 Sent 1460 bytes
10/11/2010 8:52:01 PM 192.168.1.1:58856 Served 4.11 K
10/11/2010 9:17:01 PM 192.168.1.1:58883 Connected
10/11/2010 9:17:01 PM 192.168.1.1:58883 Got 143 bytes
10/11/2010 9:17:01 PM 192.168.1.1:58883 Requested GET /
10/11/2010 9:17:01 PM 192.168.1.1:58883 Request dump
> GET / HTTP/1.1
> Host: 110.175.x.x
> User-Agent: Mozilla/5.0 (ABE, http://noscript.net/abe/wan)
> Pragma: no-cache
> Cache-Control: no-cache
10/11/2010 9:17:01 PM 192.168.1.1:58883 Sent 1460 bytes
10/11/2010 9:17:01 PM 192.168.1.1:58883 Served 4.11 K
10/11/2010 9:18:00 PM 114.76.57.13:1748 Connected
10/11/2010 9:18:00 PM 114.76.57.13:1748 Got 59 bytes
10/11/2010 9:30:54 PM 122.179.24.86:2158 Connected
10/11/2010 9:30:54 PM 122.179.24.86:2158 Got 46 bytes
10/11/2010 9:31:03 PM 217.92.71.210:43372 Connected
10/11/2010 9:31:03 PM 217.92.71.210:43372 Got 50 bytes
10/11/2010 9:42:01 PM 192.168.1.1:59284 Connected
10/11/2010 9:42:01 PM 192.168.1.1:59284 Got 143 bytes
10/11/2010 9:42:01 PM 192.168.1.1:59284 Requested GET /
10/11/2010 9:42:01 PM 192.168.1.1:59284 Request dump
> GET / HTTP/1.1
> Host: 110.175.x.x
> User-Agent: Mozilla/5.0 (ABE, http://noscript.net/abe/wan)
> Pragma: no-cache
> Cache-Control: no-cache
10/11/2010 9:42:01 PM 192.168.1.1:59284 Sent 1460 bytes
10/11/2010 9:42:01 PM 192.168.1.1:59284 Served 4.11 K
10/11/2010 9:46:28 PM 217.208.158.15:49276 Connected
10/11/2010 9:46:28 PM 217.208.158.15:49276 Got 36 bytes
10/11/2010 10:01:55 PM 174.97.155.35:56228 Connected
10/11/2010 10:01:55 PM 174.97.155.35:56228 Got 33 bytes
10/11/2010 10:07:01 PM 192.168.1.1:59445 Connected
10/11/2010 10:07:01 PM 192.168.1.1:59445 Got 143 bytes
10/11/2010 10:07:01 PM 192.168.1.1:59445 Requested GET /
10/11/2010 10:07:01 PM 192.168.1.1:59445 Request dump