jducoeur: (Default)
[personal profile] jducoeur

Since my Google-fu is failing me, I'm curious whether any of my friends might know:

I have one high-number port open on our home network, gatewayed to HTTP on my development machine, which is sometimes running an in-development HTTP server. (Sometimes Querki, sometimes other things.) Unsurprisingly, this leads to port scanners trying to break in; if I happen to be running the application at the time, I see fun errors in the log.

(No, there's nothing secret or interesting in the exposed web server -- it's just test data, and the open port is so that I can show folks outside the firewall what I'm currently up to. And if somebody actually can break into it through that, I want to know about that now, on my Linux dev box, rather than in production.)

This morning's errors are a mystery to me, though -- it looks like somebody is attempting to issue a REMOTE command. It's splashing with a "501 Not Implemented", of course, but I have no clue what it is. I had originally been entirely puzzled, since I'm not aware of a REMOTE method in HTTP, but then it occurred to me that, since this isn't port 80 or 443, there's no reason to believe they're trying to attack me with HTTP.

Any ideas what protocol they're sniffing for? This is just idle curiosity, but I like to have some idea how someone is trying to attack me, and there seems to be an automated probe trying this one about once an hour...

(no subject)

Date: 2017-06-01 03:54 pm (UTC)
l33tminion: (Default)
From: [personal profile] l33tminion
No idea. What else is in the payload, or is it just "REMOTE"?

(no subject)

Date: 2017-06-02 10:12 am (UTC)
dsrtao: dsr as a LEGO minifig (Default)
From: [personal profile] dsrtao
Try googling for the port number and "listens on".


jducoeur: (Default)

October 2017

123 4567
8910 1112 1314

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags