Forum Discussion

Icon for Cirrocumulus rank

Cirrocumulus

Apr 10, 2017

Web Server Probe (internet explorer) Attack Signature Detected

I'm seeing the following in traffic learning and I can't find any information on what the actual attack is trying to accomplish. Any ideas?

GET / HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: test2.test.com X-Forwarded-For: 199.199.199.199

ASM Advanced WAF

nathe
Cirrocumulus
Apr 10, 2017
Shann_P, you probably know already but this is complaining because of the fake user-agent. So it is probably an automated tool with a fake user agent and it's trying to probe, or scan, public IPs/web pages, to check for and document the responses. Mostly this is for reconnaisance or information gathering / fingerprinting purposes.

Hope this helps,

N

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming