Security Incidents mailing list archives
Scan from Philipine Center on Transnational Crime
From: Joe Blatz <sd_wireless () yahoo com>
Date: Sun, 22 Jun 2003 11:33:03 -0700 (PDT)
Normally I just skip over scans like this, but the source has aroused my curiosity.
From 0352 - 0441 (PDT) on 6/22/03 all externally
addressable web servers on our class B were scanned by 210.23.116.11. According the APNIC this address is registered to the Philippine Center on Transnational Crime. The scan was for the Escaped Characters Decoding vulnerability in IIS (http://www.securityfocus.com/bid/2708/discussion/). It only checked http://TARGET/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ and did not send any other packets that triggered the IDS. Has anyone else seen anything from the 210.23.116.8 - 210.23.116.15 range? __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Scan from Philipine Center on Transnational Crime Joe Blatz (Jun 23)