GET x HTTP/1.0

From: Greg Owen (gowenat_private)
Date: Mon Jul 23 2001 - 18:19:53 PDT

Next message: Ilya Zherebetskiy: "Re: "Code Red" worm - there MUST be at least two versions."

Previous message: Ryan Russell: "Re: Peak Activity of Red Worm?"
Next in thread: Phil Sorber: "Re: GET x HTTP/1.0"
Reply: Phil Sorber: "Re: GET x HTTP/1.0"
Reply: jlewisat_private: "Re: GET x HTTP/1.0"
Reply: John: "Re: GET x HTTP/1.0"
Reply: Ross Oldbury: "Re: GET x HTTP/1.0"
Reply: dr john halewood: "Re: GET x HTTP/1.0"
Reply: Portnoy, Gary: "RE: GET x HTTP/1.0"
Reply: Patryk Chmielewski: "Re: GET x HTTP/1.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Two of these showed up in my web server logs today:

202.100.68.22 - - [23/Jul/2001:11:58:37 -0400] "GET x HTTP/1.0" 400 328
202.99.64.113 - - [23/Jul/2001:17:23:44 -0400] "GET x HTTP/1.0" 400 328

inetnum              202.100.68.0 - 202.100.68.255
netname              FEITIAN-INTERNET-COMPANY
descr                Feitian Internet Company
descr                Lanzhou,Gansu
descr                China
country              CN

inetnum              202.99.64.0 - 202.99.127.255
netname              CHINANET-TJ
descr                CHINANET Tianjin province network
descr                Data Communication Division
descr                China Telecom
country              CN

    A quick google search showed one other person wondering what it was and
commenting they mostly seemed to be china, and a bunch of server logs that
showed the same hit.

    Anybody know what this is?  The source makes me wonder.

--
        gowen -- Greg Owen -- gowenat_private
        79A7 4063 96B6 9974 86CA  3BEF 521C 860F 5A93 D66D


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Ilya Zherebetskiy: "Re: "Code Red" worm - there MUST be at least two versions."
Previous message: Ryan Russell: "Re: Peak Activity of Red Worm?"
Next in thread: Phil Sorber: "Re: GET x HTTP/1.0"
Reply: Phil Sorber: "Re: GET x HTTP/1.0"
Reply: jlewisat_private: "Re: GET x HTTP/1.0"
Reply: John: "Re: GET x HTTP/1.0"
Reply: Ross Oldbury: "Re: GET x HTTP/1.0"
Reply: dr john halewood: "Re: GET x HTTP/1.0"
Reply: Portnoy, Gary: "RE: GET x HTTP/1.0"
Reply: Patryk Chmielewski: "Re: GET x HTTP/1.0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 21:31:40 PDT