Hi,

Actually ANVIL picked that up as well from the same 210 range. We have 9 class C's here, all 9 were scanned. Thus far our total scan count from that "area" is over 1500. We actually have a black list on our web page if anyone is interested, with the reasons for the black listing. (http://www.secnetops.com look on the bottom of the page).

Something else that we've noticed too is a massive amount of scans from uunet in CA, a total of approx 1300 scans, also recently blacklisted.

On Sun, 2003-06-22 at 14:33, Joe Blatz wrote:
> Normally I just skip over scans like this, but the
> source has aroused my curiosity.
>
> From 0352 - 0441 (PDT) on 6/22/03 all externally
> addressable web servers on our class B were scanned by
> 210.23.116.11. According to the APNIC this address is
> registered to the Philippine Center on Transnational
> Crime. The scan was for the Escaped Characters
> Decoding vulnerability in IIS
> (http://www.securityfocus.com/bid/2708/discussion/).
>
> It only checked
> http://TARGET/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
> and did not send any other packets that triggered the
> IDS.
>
> Has anyone else seen anything from the 210.23.116.8 -
> 210.23.116.15 range?

--
Sincerely,
Adriel T. Desautels
Secure Network Operations, Inc.
http://www.secnetops.com
DID: 978-263-3829
CELL: 978-790-6901
ANVIL : http://www.secnetops.com/products
______________________________________________________________
SECNETOPS "Embracing the future of technology, protecting you"
This archive was generated by hypermail 2b30 : Tue Jun 24 2003 - 20:35:38 PDT
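The probe quoted in the thread hides its backslashes behind two layers of percent-encoding (`%255c` decodes to `%5c`, then to `\`), so a log check has to decode repeatedly before looking for `..\`. The following is an added example, not code from either poster or from ANVIL; the log lines, function names and the `210.23.116.8/29` watch range (the 210.23.116.8 - 210.23.116.15 span asked about) are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Constructed (source address, request path) pairs; not real captures.
SAMPLE_LOG = [
    ("210.23.116.11", "/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\\"),
    ("210.23.116.11", "/index.html"),
    ("192.0.2.7", "/scripts/..%5c..%5cwinnt/system32/cmd.exe?/c+dir"),
    ("198.51.100.4", "/docs/100%25-coverage.html"),
]

# Directory traversal once the path is fully decoded: ".." then "/" or "\".
TRAVERSAL = re.compile(r"\.\.[\\/]")


def decode_passes_until_traversal(path, max_passes=3):
    """Return how many percent-decoding passes expose a traversal, or None."""
    current = path
    for passes in range(max_passes + 1):
        if TRAVERSAL.search(current):
            return passes
        decoded = unquote(current)
        if decoded == current:  # nothing left to decode, path is clean
            return None
        current = decoded
    return None


def flag_requests(log, watch_net="210.23.116.8/29"):
    """List (source, decode passes, in watch range) for each traversal request."""
    net = ipaddress.ip_network(watch_net)
    hits, per_source = [], Counter()
    for src, path in log:
        passes = decode_passes_until_traversal(path)
        if passes is None:
            continue
        hits.append((src, passes, ipaddress.ip_address(src) in net))
        per_source[src] += 1
    return hits, per_source


if __name__ == "__main__":
    hits, per_source = flag_requests(SAMPLE_LOG)
    for src, passes, watched in hits:
        print(f"{src}: traversal after {passes} decode pass(es), watched={watched}")
    print(dict(per_source))
```

A pass count of 2 or more marks the double-encoded form seen in this scan, which a filter that decodes only once would miss.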