Security Incidents mailing list archives
Re: Scan from Philipine Center on Transnational Crime
From: ATD <simon () snosoft com>
Date: 24 Jun 2003 00:11:24 -0400
Hi, Actually ANVIL picked that up as well from the same 210 range. We have 9 class C's here, all 9 were scanned. Thus far our total scan count from that "area" is over 1500. We actually have a black list on our web page if anyone is interested, with the reasons for the black listing. (http://www.secnetops.com look on the bottom of the page). Something else that we've noticed too is a massive amount of scans from uunet in CA, a total of approx 1300 scans, also recently blacklisted. On Sun, 2003-06-22 at 14:33, Joe Blatz wrote:
Normally I just skip over scans like this, but the source has aroused my curiosity.From 0352 - 0441 (PDT) on 6/22/03 all externallyaddressable web servers on our class B were scanned by 210.23.116.11. According the APNIC this address is registered to the Philippine Center on Transnational Crime. The scan was for the Escaped Characters Decoding vulnerability in IIS (http://www.securityfocus.com/bid/2708/discussion/). It only checked http://TARGET/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ and did not send any other packets that triggered the IDS. Has anyone else seen anything from the 210.23.116.8 - 210.23.116.15 range? __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
-- Sincerely, Adriel T. Desautels Secure Network Operations, Inc. http://www.secnetops.com DID: 978-263-3829 CELL: 978-790-6901 ANVIL : http://www.secnetops.com/products ______________________________________________________________ SECNETOPS "Embracing the future of technology, protecting you"
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Scan from Philipine Center on Transnational Crime Joe Blatz (Jun 23)
- Re: Scan from Philipine Center on Transnational Crime ATD (Jun 24)