Security Incidents mailing list archives
Re: Chinese HTTP ACKs
From: Peter Kerr <p.kerr () auckland ac nz>
Date: 10 Feb 2005 14:46:22 -0000
In-Reply-To: <1107987233.679.89.camel@localhost>
From: Frank Knobbe <frank () knobbe us> In-Reply-To: <00f101c50ed2$56e35ff0$646f1299@HURON> Date: Wed, 09 Feb 2005 16:13:53 -0600
...
Oh, and they also performed proxy checks (trying GET http://
www.sohu.com
against the tested hosts). Not really a feature of a search engine either :) These accesses were observed from 61.135.131.0/24 and
220.181.26.0/24.
You might want to keep an eye on those subnets. Has anyone else
noticed
attempts from Sohu or has some more information he can share
here?
61.128.234.194 - - [31/Jan/2005:19:12:34 +1300] "GET http:// www.sina.com.cn/ HTTP/1.1" 200 1090 Just the one GET, no other probing, also once each on 28 & 29 Jan. There have been bots from all places except .cn looking thru my index structure. I just assumed this guy was looking for an open proxy, didn't find it & went away.
Current thread:
- Re: Chinese HTTP ACKs Peter Kerr (Feb 10)
- Re: Chinese HTTP ACKs Kelsey Dawes (Feb 11)