Security Incidents mailing list archives
Re: strange HTTP scan/attack?
From: Anne Marcel Roorda <marcel () OUR DOMAINTJE COM>
Date: Wed, 29 Nov 2000 09:35:52 +0100
On Mon, 27 Nov 2000, Jim Bacon wrote:
I am seeing someone repeating hitting a CGI script with a HEAD request and then submitting a query of the form: http://blah.blah.blah/cgi-bin/cgiscript/0/0/0/Angola http://blah.blah.blah/cgi-bin/cgiscript/0/0/0/England http://blah.blah.blah/cgi-bin/cgiscript/0/0/0/0/Angola http://blah.blah.blah/cgi-bin/cgiscript/0/0/0/0/England Where it cycles thru a list of all country names, then starts over with another 0 in the query string. This is coming into my server almost as fast as possible, and is somewhat annoying. Can anyone offer any clues tp what this is and what I can do about it? It appears to be originating from a UUnet dialup in the UK, so any complaints to a live human are impossible and email complaints just an excercise in my typing practice.
Hi, If you had taken a look at the contact page on www.uk.uu.net then you'd have found the following. <quote> Security issues - hacking, portscanning, denial of service attacks. If you have been subject to an attack of this type. Please contact our Abuse team immediately on 01223 250570. If the attack occurs out of hours, please contact our 24x7 team on 01223 250122 Once you make contact with the Abuse team, they will require copies of the logs showing dates, times and timezones of the attack. </quote> - marcel
Current thread:
- strange HTTP scan/attack? Jim Bacon (Nov 29)
- Re: strange HTTP scan/attack? Anne Marcel Roorda (Nov 30)
- Re: strange HTTP scan/attack? Bryan Andersen (Nov 30)