Re: GET x HTTP/1.0

From: Ross Oldbury (Ross.OLDBURYat_private)
Date: Tue Jul 24 2001 - 01:53:36 PDT


    The second IP address is an employee of China Telecom who thinks he's a bit
    of a hacker.
    He tried to attack my firewall on Jun 11 & 14 without success.
    
    Packet log: input DENY eth0 PROTO=6 202.99.64.113:33408 x.x.x.x:111 "trying
    to get my RPC info or overflow bug"
    I would block both the class B address ranges as they are not to be trusted.
    
    Regards,
    Ross
    ----- Original Message -----
    From: "Greg Owen" <gowenat_private>
    To: <incidentsat_private>
    Sent: Tuesday, July 24, 2001 2:19 AM
    Subject: GET x HTTP/1.0
    
    
    >
    >     Two of these showed up in my web server logs today:
    >
    > 202.100.68.22 - - [23/Jul/2001:11:58:37 -0400] "GET x HTTP/1.0" 400 328
    > 202.99.64.113 - - [23/Jul/2001:17:23:44 -0400] "GET x HTTP/1.0" 400 328
    >
    > inetnum              202.100.68.0 - 202.100.68.255
    > netname              FEITIAN-INTERNET-COMPANY
    > descr                Feitian Internet Company
    > descr                Lanzhou,Gansu
    > descr                China
    > country              CN
    >
    > inetnum              202.99.64.0 - 202.99.127.255
    > netname              CHINANET-TJ
    > descr                CHINANET Tianjin province network
    > descr                Data Communication Division
    > descr                China Telecom
    > country              CN
    >
    >     A quick Google search showed one other person wondering what it was
    > and commenting they mostly seemed to be China, and a bunch of server logs
    > that showed the same hit.
    >
    >     Anybody know what this is?  The source makes me wonder.
    >
    > --
    >         gowen -- Greg Owen -- gowenat_private
    >         79A7 4063 96B6 9974 86CA  3BEF 521C 860F 5A93 D66D
    >
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >
    >
    
    
    



    This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 08:07:55 PDT