[CentOS] centos5 - logwatch - verisign

RobertH roberth at abbacomm.net
Wed Sep 10 17:07:10 UTC 2008


Re: centos 5 logwatch

Has anyone ever looked into why verisign does this from these ips fairly
frequently?

It appears that it is some type of SSL probing the HTTP port, correct?

Are they just gathering stats or something ?

--------------------- httpd Begin ------------------------ 
 
 A total of 2 sites probed the server 
    
    216.168.253.197
    216.168.253.198

.....

The first ip is a3-pip6.verisign.net

The second ip is a3-pip7.verisign.net

Here is grep from logs

216.168.253.197 - - [01/Sep/2008:13:30:19 -0700] "\x80@\x01\x03" 501 304
216.168.253.197 - - [01/Sep/2008:14:02:08 -0700] "\x80@\x01\x03" 501 304
216.168.253.197 - - [05/Sep/2008:22:16:20 -0700] "\x80@\x01\x03" 501 304
216.168.253.197 - - [05/Sep/2008:22:16:29 -0700] "\x80@\x01\x03" 501 297
216.168.253.197 - - [09/Sep/2008:15:26:54 -0700] "\x80@\x01\x03" 501 304
216.168.253.197 - - [09/Sep/2008:15:27:04 -0700] "\x80@\x01\x03" 501 304
216.168.253.197 - - [09/Sep/2008:15:27:13 -0700] "\x80@\x01\x03" 501 297

216.168.253.198 - - [02/Sep/2008:07:00:39 -0700] "\x80@\x01\x03" 501 304
216.168.253.198 - - [02/Sep/2008:07:48:42 -0700] "\x80@\x01\x03" 501 297
216.168.253.198 - - [03/Sep/2008:15:04:50 -0700] "\x80@\x01\x03" 501 297
216.168.253.198 - - [05/Sep/2008:22:19:52 -0700] "\x80@\x01\x03" 501 297
216.168.253.198 - - [09/Sep/2008:15:26:52 -0700] "\x80@\x01\x03" 501 297

 - rh



More information about the CentOS mailing list