Security Incidents mailing list archives
Re: Chinese HTTP ACKs
From: Kelsey Dawes <kelsey () codemonkey net>
Date: Fri, 11 Feb 2005 12:23:36 +0000
On Thu, Feb 10, 2005 at 02:46:22PM -0000, Peter Kerr wrote:
In-Reply-To: <1107987233.679.89.camel@localhost>
<snip>
attempts from Sohu or has some more information he can sharehere?61.128.234.194 - - [31/Jan/2005:19:12:34 +1300] "GET http:// www.sina.com.cn/ HTTP/1.1" 200 1090 Just the one GET, no other probing, also once each on 28 & 29 Jan. There have been bots from all places except .cn looking thru my index structure. I just assumed this guy was looking for an open proxy, didn't find it & went away.
3 or 4 of these: different subnets. Different days. Haven't seen any proxy requests so far 219.139.239.212 - - [09/Feb/2005:08:24:53 -0600] "GET / HTTP/1.1" 302 290 "http: //dir.sina.com.cn/search_dir/ys/wd/le/jj/" "Mozilla/4.0 (compatible; MSIE 6.0; W indows NT 5.0)" 222.241.16.12 - - [10/Feb/2005:01:22:53 -0600] "GET / HTTP/1.1" 302 290 "http://dir.sina.com.cn/search_dir/ys/wd/le/jj/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" -- \0/ | _/ \_
Current thread:
- Re: Chinese HTTP ACKs Peter Kerr (Feb 10)
- Re: Chinese HTTP ACKs Kelsey Dawes (Feb 11)