Security Incidents mailing list archives

Re: Chinese HTTP ACKs


From: Kelsey Dawes <kelsey () codemonkey net>
Date: Fri, 11 Feb 2005 12:23:36 +0000

On Thu, Feb 10, 2005 at 02:46:22PM -0000, Peter Kerr wrote:
In-Reply-To: <1107987233.679.89.camel@localhost>

<snip>

attempts from Sohu or has some more information he can share 
here?


61.128.234.194 - - [31/Jan/2005:19:12:34 +1300] "GET http://www.sina.com.cn/ HTTP/1.1" 200 1090

Just the one GET, no other probing, also once each on 28 & 29 Jan.
There have been bots from all places except .cn looking thru my index 
structure. I just assumed this guy was looking for an open proxy, didn't 
find it & went away.

3 or 4 of these: different subnets. Different days. Haven't seen any
proxy requests so far


219.139.239.212 - - [09/Feb/2005:08:24:53 -0600] "GET / HTTP/1.1" 302 290 "http://dir.sina.com.cn/search_dir/ys/wd/le/jj/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"


222.241.16.12 - - [10/Feb/2005:01:22:53 -0600] "GET / HTTP/1.1" 302 290 "http://dir.sina.com.cn/search_dir/ys/wd/le/jj/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"


-- 
 \0/
  |
_/ \_
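
Added example, not part of the original post: a small access-log triage script that separates the two patterns discussed in this thread, requests whose target is an absolute URL for a foreign host (the open-proxy check) and plain `GET /` requests that share an off-site Referer across different client IPs. `LOCAL_HOSTS` is a placeholder assumption, and the `CONNECT` check goes beyond the log lines shown in the post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache common/combined log format; referer and user-agent are optional.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?')

# Assumption: the hostnames this server really serves (placeholder value).
LOCAL_HOSTS = {"www.example.org"}

def classify(line):
    """Return (label, fields) for one access-log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    f = m.groupdict()
    host = urlsplit(f["target"]).hostname if "://" in f["target"] else None
    if f["method"] == "CONNECT" or (host and host not in LOCAL_HOSTS):
        # A 2xx needs a manual look: the server either relayed the request
        # or ignored the foreign host and returned its own page.
        return ("proxy-probe-2xx" if f["status"][0] == "2" else "proxy-probe"), f
    return "normal", f

def foreign_referers(lines):
    """Map each referer host outside LOCAL_HOSTS to the client IPs that sent it."""
    seen = defaultdict(set)
    for fields in (r[1] for r in map(classify, lines) if r):
        host = urlsplit(fields["referer"] or "").hostname
        if host and host not in LOCAL_HOSTS:
            seen[host].add(fields["ip"])
    return dict(seen)

# The three log entries from the post, with wrapped lines rejoined.
SAMPLE = [
    '61.128.234.194 - - [31/Jan/2005:19:12:34 +1300] '
    '"GET http://www.sina.com.cn/ HTTP/1.1" 200 1090',
    '219.139.239.212 - - [09/Feb/2005:08:24:53 -0600] "GET / HTTP/1.1" 302 290 '
    '"http://dir.sina.com.cn/search_dir/ys/wd/le/jj/" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"',
    '222.241.16.12 - - [10/Feb/2005:01:22:53 -0600] "GET / HTTP/1.1" 302 290 '
    '"http://dir.sina.com.cn/search_dir/ys/wd/le/jj/" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
]

if __name__ == "__main__":
    print([classify(e)[0] for e in SAMPLE], foreign_referers(SAMPLE))
```

For a `proxy-probe-2xx` hit, compare the logged response size with the size of the server's own front page to tell a relayed response from a locally served one.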

