Security Incidents mailing list archives
Re: HTTP worm?
From: bugtraq () shadowstorm com
Date: 30 Aug 2007 13:04:49 -0000
The incoming packets have a source port of 80 and a destination port ranging between 1000 and 2000. If you connect to port 80 on the IP sending the packets and issue the "HEAD" command you'll notice almost all of them will show the following; lynx -head -dump http://81.52.202.217 HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 187 Expires: Thu, 30 Aug 2007 12:49:44 GMT Date: Thu, 30 Aug 2007 12:49:44 GMT Connection: close A "whois" on the IP will often shown them registered to Akamai. -Michael Rawls ------------------------------------------------------------------------- This list sponsored by: SPI Dynamics ALERT: .How a Hacker Launches a SQL Injection Attack!.- White Paper It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection! https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000Cn8E --------------------------------------------------------------------------
Current thread:
- HTTP worm? Steve Huston (Aug 27)
- RE: HTTP worm? Dario Ciccarone (dciccaro) (Aug 27)
- RE: HTTP worm? Geoff Martin (Aug 27)
- Re: HTTP worm? Joshua J. Talbot (Aug 27)
- <Possible follow-ups>
- Re: HTTP worm? bugtraq (Aug 30)