RE: Unusual Web Server

From: Muhammad Faisal Rauf Danka (mfrd@attitudex.com)
Date: Tue Jul 08 2003 - 18:19:28 EDT

• Next message: Muhammad Faisal Rauf Danka: "Re: IRIX Pen Testing/Hardening"
• Previous message: Gwendolynn ferch Elydyr: "Re: Product review postings - Suggested Solution"
• Maybe in reply to: charrin2@maine.rr.com: "Unusual Web Server"
• Next in thread: Jeff Bollinger: "Re: Unusual Web Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The SB4100E Motrolla External Cable modem also uses that little webserver as HTML-based user interface for troubleshooting.
Another possibility is NetScreen, I have myself seen that in Netscreen 5XP OS 3.0.1r2

Regards
--------
Muhammad Faisal Rauf Danka

--- "Sabol, Paul" <PSABOL@mgmmirage.com> wrote:
>Could be Apache...you can modify the http.h SERVERBASENAME,
>SERVERVERSION (don't quote me on the exactness of these variables...it's
>been a while) and you have a new name when you compile. Performing
>httpd -v will tell you what it is if you have access to the box.
>
>-----Original Message-----
>From: charrin2@maine.rr.com [mailto:charrin2@maine.rr.com]
>Sent: Tuesday, July 08, 2003 11:46 AM
>To: pen-test@securityfocus.com
>Subject: Unusual Web Server
>
>All,
>
>I have found a web server that I cannot identify. It is listening on
>port 5050. When I telnet to it I get:
>
>telnet host.foobar.com 5050
>Trying 10.10.10.10...
>Connected to host.foobar.com.
>Escape character is '^]'.
>
>HTTP/1.1 400 Bad Request
>Date: Tue, 8 July 2003 14:59:05
>Server: Web/R5_2_2
>
>400 Bad Request
>Connection closed by foreign host.
>
>
>If I try to browse to it I am prompted for a username / password. After
>entering the wrong password I get the ususal 401 unauthorized. The
>default page is layout.html
>
>Any help would be appreciated.
>
>--Chris
>
>
>
>------------------------------------------------------------------------
>---
>The Lightning Console aggregates IDS events, correlates them with
>vulnerability info, reduces false positives with the click of a button,
>anddistributes this information to hundreds of users.
>
>Visit Tenable Network Security at http://www.tenablesecurity.com to
>learn more.
>------------------------------------------------------------------------
>----
>
>
>
>
>---------------------------------------------------------------------------
>The Lightning Console aggregates IDS events, correlates them with
>vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.
>
>Visit Tenable Network Security at http://www.tenablesecurity.com to learn
>more.
>----------------------------------------------------------------------------

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.

Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------

• Next message: Muhammad Faisal Rauf Danka: "Re: IRIX Pen Testing/Hardening"
• Previous message: Gwendolynn ferch Elydyr: "Re: Product review postings - Suggested Solution"
• Maybe in reply to: charrin2@maine.rr.com: "Unusual Web Server"
• Next in thread: Jeff Bollinger: "Re: Unusual Web Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:36 EDT