
Re: [FW-1] why my firewall was contacted by http so often?



Hi Martin

I see this all the time myself. My theory is that people are scanning for
web servers and since they do it for whole IP blocks, your firewall gets
"hit" too. OTOH if you see requests from the same source recurring for days,
it could be a wrong DNS entry and you could try to figure out who they're
really trying to reach and inform them.

Cheers
Ralf G.

----- Original Message -----
From: "Martin byford" <[email protected]>
To: <[email protected]>
Sent: Monday, December 16, 2002 3:29 AM
Subject: [FW-1] why my firewall was contacted by http so often?


> Hi.. Group
>
> I had set up an alert feature in my firewall in such a way that if external
> hosts contact my firewall via telnet, ssh, ftp, http, https, smtp, it will
> send an alert to me and drop it. To my surprise, more than 80% of the alerts
> are caused by http. Does anyone know why so many people contact us via http?
> Do you know of any attack that can be initiated by HTTP? FYI, we didn't
> register our firewall IP in the internet domain and it is not a web server.
>
> Besides, I also found most of the traffic comes from 61.X.X.X and our
> firewall IP is also in the 61.X.X.X network. But we are in a different country.
>
> Any idea?
>
>
>
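
The distinction drawn in the reply above, between sources that hit the firewall once during a block scan and a source that keeps returning for days, can be checked against the alert log. This is an added example, not part of the original thread; it assumes alerts exported as `date source-IP port` lines (a constructed format, not FW-1's own log format) and a hypothetical threshold of three distinct days.

```python
from collections import defaultdict
from datetime import date

# Constructed sample alerts (date, source IP, destination port). The addresses are
# documentation ranges and the line format is an assumption, not FW-1's log format.
SAMPLE_ALERTS = """\
2002-12-10 198.51.100.7 80
2002-12-10 203.0.113.20 80
2002-12-11 203.0.113.20 80
2002-12-11 192.0.2.44 80
2002-12-12 203.0.113.20 80
2002-12-12 198.51.100.91 80
2002-12-13 203.0.113.20 80
2002-12-13 192.0.2.44 80
"""

def parse_alerts(text):
    """Yield (day, source, port) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield date.fromisoformat(parts[0]), parts[1], int(parts[2])
        except ValueError:
            continue

def triage_sources(text, port=80, min_days=3):
    """Return (recurring, transient): sources seen on >= min_days distinct days, and the rest."""
    days_seen = defaultdict(set)
    for day, src, dport in parse_alerts(text):
        if dport == port:
            days_seen[src].add(day)
    recurring = {s: len(d) for s, d in days_seen.items() if len(d) >= min_days}
    transient = sorted(s for s in days_seen if s not in recurring)
    return recurring, transient

if __name__ == "__main__":
    recurring, transient = triage_sources(SAMPLE_ALERTS)
    for src, n in sorted(recurring.items()):
        print(f"{src}: HTTP drops on {n} separate days, check for a stale DNS entry")
    print(f"{len(transient)} sources seen on fewer than 3 days (typical of block scans)")
```

Sources in the recurring set are the ones worth following up as a possible wrong DNS entry; the transient set is the background scanning noise.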
