General discussion


hackers

By rhart ·
Does anyone know the significance of the following:
http:\\www:80
We have noticed this entry in our intrusion detection software reports and have so far been unable to ascertain its meaning.

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  

All Comments


hackers

by dmiles In reply to hackers

This represents a Web server or HTTP daemon that the server listens to receive from a Web client, assuming that the default was taken when the server was configured.

If there is a web server, the default port is 80.


hackers

by rhart In reply to hackers

The question was auto-closed by TechRepublic


hackers

by CG IT In reply to hackers

Yup. Default HTTP port for web servers is port 80. When you use http://www.<domain name> to surf the web, what you're actually typing is http://www.<ip address>:<port #>. The service assumes [unless the host header or header pointer has a different port # assigned] all web HTTP is using port 80. [If you're going to an FTP site, the port would be port 21.] Hackers use port scans to find open ports they can exploit. It used to be hackers tried well-known ports [those between 1 and 1024]. However, with the advent of firewalls that close all ports by default, they scan the lesser-known ports to exploit open ports 1025 to 65000 on services that are installed and use the lesser-known ports [either by default] or inadvertently but forgotten about because they are rarely used.


hackers

by LordInfidel In reply to hackers

Let's backtrack.

In your IDS logs, where is it located: as a source or as a destination?

Does it give what IP address it is going to?

It may just be a scan of headers hoping to find an incorrectly configured web server, although I don't know of any web servers with a default www.

Although it could be that if you have a webserver called www, and someone knew the IP of the server, they could try to trick the server into returning the default website.

It would be the same as http:\\localhost
Or http:\\computername:80

It could be used to find PWS on a system also.
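
As an added example (not part of any post in this thread), the Python sketch below splits a logged string such as http:\\www:80 into scheme, host and port and flags the traits discussed above: the default port CG IT describes and the bare host name LordInfidel compares to localhost or a computer name. The function name triage, the flag names and the sample entries are assumptions made for illustration.

```python
import re

# Default ports by scheme; HTTP 80 and FTP 21 are the two named in the thread.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

# scheme ":" two slashes or backslashes, host, optional ":port", optional path
ENTRY_RE = re.compile(
    r"^(?P<scheme>[a-z][a-z0-9+.-]*):(?P<sep>[/\\]{2})"
    r"(?P<host>[^/\\:\s]+)(?::(?P<port>\d{1,5}))?(?P<path>[/\\]\S*)?$",
    re.IGNORECASE,
)


def triage(entry):
    """Split a logged URL-like string into parts and flag what stands out.

    Returns None when the string is not URL-shaped or the port is out of range.
    """
    m = ENTRY_RE.match(entry.strip())
    if m is None:
        return None
    scheme, host = m["scheme"].lower(), m["host"].lower()
    default = DEFAULT_PORTS.get(scheme)
    port = int(m["port"]) if m["port"] else default
    if port is not None and not 1 <= port <= 65535:
        return None
    return {
        "scheme": scheme,
        "host": host,
        "port": port,
        # Backslashes are not valid URL separators (hand-typed or UNC-style).
        "backslashes": "\\" in m["sep"],
        # No dot in the host: an unqualified name such as www, localhost
        # or a computer name rather than a full domain name or IP address.
        "single_label_host": "." not in host,
        # The port was written out even though it is the scheme's default.
        "redundant_port": m["port"] is not None and port == default,
    }


if __name__ == "__main__":
    # Constructed sample entries; the first is the string from the question.
    for sample in (r"http:\\www:80", r"http:\\localhost", "http://www.example.com/"):
        print(sample, "->", triage(sample))
```

The flags only describe the string itself; whether the entry appears as a source or a destination still has to come from the IDS record.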


hackers

by sabrodiesel2000 In reply to hackers

I suspect that you have a webserver that was online on the PORT 80 and it was not actually an intrusion, just an access to the ROOT DIRECTORY of your webserver that you have configured. But if this is not the case, then an intrusion occurred at the PORT number 80.


hackers

by rhart In reply to hackers

This question was auto closed due to inactivity
