22
Automatic Scanner – Log Example
| Rapid sequence
of attacks over short period of time |
|
| Single IP source |
|
| Usually HTTP,
not HTTPS |
|
| Common web
vulnerabilities – not application specific |
|
| A lot of 404
pages |
|
| Usually grouped
by subject, sometimes alphabetically sorted... |
|
| No real session
(not maintaining cookies), but may maintain HTTP authentication |
|
| May be
correlated with attacks on non-HTTP ports |
|
| Download
an eval version of commercial or freeware scanner |
|
| to see the
footprint it leaves in your logs |
|