HackDig : Dig high-quality web security articles for hacker

Reminder: Secure Your Tomcat Admin Interface, (Mon, Apr 20th)

2015-04-20 13:50

In our web application honeypots, we do see continuing scans for /manager/html. While our honeypot doesnt (yet) fully simulate this Tomcat administrative interface, these scans are usually used to find unprotected Tomcatmanager URLs. Windows NT 6.1)
Host: [host ip redacted]:8080
Cache-Control: no-cache

Todays top sources of these scans are:

222.186.21.117 (-- by far the largest source)
88.33.217.26
69.39.4.234
176.31.16.108
218.83.5.174
150.70.97.0/24
150.70.173.0/24 (maybe just block 150.70.0.0/16 ?)
121.8.241.145

OWASP got a brief guide on securing Tomcat:https://www.owasp.org/index.php/Securing_tomcat

See the Securing Manager WebApp for details on protecting your management interface.

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Source: ssr;pma&10691=diyrots?lmth.yraid/ude.snas.csi

Read:1946 | Comments:0 | Tags:No Tag

“Reminder: Secure Your Tomcat Admin Interface, (Mon, Apr 20th)”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud