On Thu, 2003-01-23 at 13:46, Peter Kiem wrote: > Hi Gordon, > > > The status 200 may indicate that you're vulnerable to the problem > > they're testing for. What version of apache are you running? On what > > platform? Have you enabled proxying? > > That's what I am worried about. > > Red Hat 7.3 > apache-1.3.27-1.7.2 > > No proxy enabled unless it is enabled by default. mod_proxy is not > loaded and the ProxyRequests On is commented out as per the default > install.
My server is the same platform, but with apache-1.3.27-2. You appear to have the errata version from 7.2 installed. In any case, If I telnet to port 80 on my server and issue a CONNECT command, I get a 405 error, "Method not allowed", but I'm probably not replicating their exact method. If you're getting the scans fairly often, try dumping traffic on port 80 to a file using "tcpdump -w logfile port 80". Next time you see such a request, stop logging and use ethereal to reconstruct the HTTP conversation, and you'll see exactly what commands were sent, and what you server did about them. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
