This morning starting at 6:49 until 6:52 I received 52 email notifications from EDIAgent. There are no outbound or inbound EDI jobs scheduled at that time. None of them make any sense to me. Most are just a couple characters or symbols in the message body. Some are completely blank. Below are the more interesting ones. EDI seems to be working fine despite the notifications. Wondering if anyone else has seen this before.



I ran a search for the "Get /nice..." and found an article called Top 10 Web Service Exploits in 2019.
/nice%20ports%2C/Tri%6Eity.txt%2ebak
9% of all web services hits.
Unescaped URI: /nice ports,/Trinity.txt.bak
Information disclosure vulnerabilities web servers.
The URI above indicates a network scan in an attempt to find a vulnerable web server. The request was originally crafted for the Nmap scanner, but attackers can use it with other tools or scripts.
Nmap is a network scanner which is used to discover hosts and services on a computer network by sending packets and analyzing the responses. In this request the attacker uses ASCII escaped characters in an attempt to generate an HTTP 404 error message to probe a web server. A successful scan can reveal important information about the web server code and possibly even vulnerabilities through response headers and error messages.
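
A check for the probe quoted above, added here as an example and not part of the original post or the quoted article: it percent-decodes each request target and counts matching requests per client address. The access-log layout, the function names and the sample lines are assumptions constructed for the illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Decoded form of the probe, as given on the page ("Unescaped URI").
PROBE_PATH = "/nice ports,/Trinity.txt.bak"

# Assumed layout: client address first, request line in double quotes
# (common/combined access-log style).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>\S+)(?: HTTP/[\d.]+)?"'
)

def is_nmap_probe(uri: str) -> bool:
    """True if the request target decodes to the probe path.

    Decoding first means any mix of escaped and literal characters
    (%6E vs n, %2C vs ,) is matched by a single comparison.
    """
    path = uri.split("?", 1)[0]          # ignore any query string
    return unquote(path) == PROBE_PATH

def probe_sources(log_lines):
    """Count probe requests per client address."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and is_nmap_probe(m.group("uri")):
            hits[m.group("ip")] += 1
    return hits

# Constructed sample lines (documentation-range addresses, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:06:49:12 +0000] '
    '"GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0" 404 209',
    '192.0.2.10 - - [01/Jan/2020:06:49:13 +0000] "GET / HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2020:06:50:02 +0000] '
    '"GET /nice%20ports,/Trinity.txt.bak HTTP/1.1" 404 209',
    '203.0.113.5 - - [01/Jan/2020:06:51:40 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, count in probe_sources(SAMPLE_LOG).items():
        print(f"{ip}: {count} probe request(s)")
```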