Paolo Conti - WebLog » Blog Archive » w00tw00t.at.ISC.SANS.DFind

w00tw00t.at.ISC.SANS.DFind - Update

Finally, I have found an answer to my previous question. The security scanner that leave this signature is DFind.

Doh! like Homer Simpson The word DFind is into the signature itself!
Anyway searching on Google I can find these URL:

http://heapoverflow.com
http://class101.org

DFind is one of the smallest security scanner tool and knowing the URL, you can download and check if your server can be compromised.

——————————————————————–

Ho scoperto finalmente che è DFind il programma che lascia questa strana stringa nei web server log.L’utility si trova qui:

http://heapoverflow.com
http://class101.org

P.S.: Thanks to Koon Yaw Tan

This entry was posted on Saturday, March 4th, 2006 at 4:04 pm and is filed under Internet, Security, English. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “w00tw00t.at.ISC.SANS.DFind - Update”

Mesut Safak DOGAN Says:
January 18th, 2007 at 3:55 am
Helo,

I have some entires on my server’s log file related with DFind but I see that the IP is belongs to Israel.

And please let me know if you get more information about this issue.
elblogg » Blog Archive » w00t? Says:
March 25th, 2008 at 1:48 pm
[…] It is safe to assume that this is an attempt to hack me in some way, DFind is appearantly some kind of security scannerref. The same IPs are also bruteforcing some URLs (like /phpmyadmin etc..) looking for somthing fun to poke around with. […]

Paolo Conti - WebLog

w00tw00t.at.ISC.SANS.DFind - Update

2 Responses to “w00tw00t.at.ISC.SANS.DFind - Update”

Leave a Reply