[40362] in North American Network Operators' Group


Re: anybody seen this? (POST /PAV_REL HTTP/1.0)

daemon@ATHENA.MIT.EDU (Matt Hite)
Tue Aug 7 19:07:49 2001

Date: Tue, 7 Aug 2001 16:04:41 -0700
From: Matt Hite <mh_nanog@ibexa.com>
To: Paul A Vixie <vixie@vix.com>
Cc: nanog@merit.edu
Message-ID: <20010807160441.A5519@mongo.ibexa.com>
Reply-To: Matt Hite <mh_nanog@ibexa.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <no.id>; from vixie@vix.com on Tue, Aug 07, 2001 at 11:06:05AM -0700
Errors-To: owner-nanog-outgoing@merit.edu


Paul, 

This is a guess, but given a few clues in the header, I'd speculate that it's
an anti-virus agent that utilizes Marimba technology for signature updates.
(From what I understand, Marimba technology is incorporated into a number
of applications for product updates, etc.)

--Matt Hite

On Tue, Aug 07, 2001 at 11:06:05AM -0700, Paul A Vixie wrote:
> while hunting codered, i started seeing quite a few of the following:
> 
> 	POST /PAV_REL HTTP/1.0
> 	User-Agent: TSTPAV
> 	Connection: Keep-Alive
> 	Content-length: 138
> 	Pragma: no-cache
> 	Content-type: application/marimba
> 	Request-type: update/12
> 
> what's being attempted here, and is anybody else seeing it?  sometimes it's
> 
> 	POST /PAV_REL HTTP/1.1
> 	Host: ...
> 	Connection: keep-alive
> 	User-Agent: TSTPAV
> 	Content-length: 974
> 	Pragma: no-cache
> 	Content-type: application/marimba
> 	Request-type: update/12
> 	Via: 1.0 proxy-rnb (NetCache NetApp/5.1D3)
> 	X-Forwarded-For: ...
> 
> i'm not currently collecting the content, maybe i should.  anybody seen this?
> 
> ------------------------------
