WebApp Sec mailing list archives
Re: Re: notice: mambo scanner
From: dontbugme () nomail com
Date: 15 Jan 2006 20:50:30 -0000
I have been getting these too. Here is the scary part: I got repetitive scans for this and other vulnerability scans, lumped together and not making any sense (the requests would not return any usable user data and are out of context)> I complained logged a request for prosecution on a European attack source, and on their provider. Since 24h after that, all such scans stopped, I did not see one for three days now. There were some every day. It is one source, using probably compromised servers all over the world (why would Chinese origins and European origins stop at the same time?) There were also always correlated connection requests after a scan (this is a honeypot, I am good!) from other IPs in sequence after such a scan. Sure, hhere are script kiddies out there. This is one organization using worldwide - eventually compromised - hosts to scan periodically, probably the whole 'I'. Wonder who could that be, who just got ratted out to a foreign coutrie's justics system.... me, safe and secure behind my systems microsoft free of course........... This is very significant, since these scans happened a couple of times a day (less than a dozen) from different IPs all over the world. I bet, the moment this message here percolated, just to prove the point, that organization will launch at least one new scan, within baout 12h. me ------------------------------------------------------------------------- This List Sponsored by: Watchfire Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh --------------------------------------------------------------------------
Current thread:
- Re: Re: notice: mambo scanner dontbugme (Jan 17)