|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: strange HTTP scan/attack?
From: Jim Bacon (jim
TRITECH.ORG)Date: Mon Nov 27 2000 - 14:22:26 CST
- Next message: Bryan Smith: "Re: Crack attempt last weekend"
- Previous message: Jens Hektor: "Re: scans for port 4000 udp"
- Next in thread: Anne Marcel Roorda: "Re: strange HTTP scan/attack?"
- Reply: Anne Marcel Roorda: "Re: strange HTTP scan/attack?"
- Reply: Bryan Andersen: "Re: strange HTTP scan/attack?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I am seeing someone repeating hitting a CGI script with a HEAD request and
then submitting a query of the form:
http://blah.blah.blah/cgi-bin/cgiscript/0/0/0/Angola
http://blah.blah.blah/cgi-bin/cgiscript/0/0/0/England
http://blah.blah.blah/cgi-bin/cgiscript/0/0/0/0/Angola
http://blah.blah.blah/cgi-bin/cgiscript/0/0/0/0/England
Where it cycles thru a list of all country names, then starts over with
another 0 in the query string.
This is coming into my server almost as fast as possible, and is somewhat
annoying.
Can anyone offer any clues tp what this is and what I can do about it? It
appears to be originating from a UUnet dialup in the UK, so any complaints
to a live human are impossible and email complaints just an excercise in my
typing practice.
Thanks!
Jim
- Next message: Bryan Smith: "Re: Crack attempt last weekend"
- Previous message: Jens Hektor: "Re: scans for port 4000 udp"
- Next in thread: Anne Marcel Roorda: "Re: strange HTTP scan/attack?"
- Reply: Anne Marcel Roorda: "Re: strange HTTP scan/attack?"
- Reply: Bryan Andersen: "Re: strange HTTP scan/attack?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]