Security Incidents mailing list archives
Re: Scans from udel.edu and tue.nl
From: epadin () WAGWEB COM (Ed Padin)
Date: Fri, 24 Mar 2000 13:31:00 -0500
I got this one also and wrote to Gunnar.Pfeil () RZ Uni-Jena DE as listed in the ripe.net whois listing. They actually responded and told me that they were investigating it.
-----Original Message-----
From: Matthew S. Hallacy [mailto:mhallacy () MERCURY XTRATYME COM]
Sent: Wednesday, March 22, 2000 10:41 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Scans from udel.edu and tue.nl

[largish snip]

It's likely that other readers have seen these problems as well.

Yes actually, all of our webservers (on different /24's, I might add) received this scan:

fsuj83.rz.uni-jena.de - - [16/Mar/2000:20:10:56 -0600] "POST /cgi-bin/phf?Qname=x%0a/bin/sh+-s%0a HTTP/1.0" 404 205

of course, it wasn't there, but it still set off a few alarms =)

(isp was unresponsive, of course, if anyone has a good contact I'd appreciate it)

As for that udel machine, I remember a guy I used to know on IRC who always used it, but he got raided by the FBI last June I believe in that big gH thing though =P

jose nazario
jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc
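An added example, not part of the original messages: one way to pick this kind of probe out of an access log, assuming Common Log Format as in the line quoted above. The function names, the second and third sample lines, and the control-character rule are assumptions for illustration; that rule goes beyond phf and flags any request whose decoded query string contains a CR, LF or other control character.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
CONTROL = re.compile(r'[\x00-\x1f\x7f]')  # CR, LF and other control bytes

SAMPLE = [
    # Line quoted in the message above
    'fsuj83.rz.uni-jena.de - - [16/Mar/2000:20:10:56 -0600] '
    '"POST /cgi-bin/phf?Qname=x%0a/bin/sh+-s%0a HTTP/1.0" 404 205',
    # Constructed lines (documentation addresses, hypothetical paths)
    '192.0.2.10 - - [16/Mar/2000:20:11:02 -0600] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [16/Mar/2000:20:12:40 -0600] '
    '"GET /cgi-bin/search?q=a%0d%0ab HTTP/1.0" 200 512',
]

def classify(line):
    """Return None for an unremarkable line, else a dict describing the finding."""
    m = CLF.match(line.strip())
    if not m:
        return None
    parts = urlsplit(m['target'])
    script = parts.path.rsplit('/', 1)[-1].lower()
    query = unquote_plus(parts.query)  # decode %0a etc. before inspecting
    reasons = []
    if script == 'phf':
        reasons.append('phf-request')
    if CONTROL.search(query):
        reasons.append('control-char-in-query')
    if not reasons:
        return None
    # A 2xx status means the target existed and answered, so triage it first;
    # the 404 above matches "it wasn't there".
    served = 200 <= int(m['status']) < 300
    return {'host': m['host'], 'time': m['time'],
            'reasons': reasons, 'served': served}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

if __name__ == '__main__':
    for finding in scan(SAMPLE):
        print(finding)
```

Grouping the findings by host across all web servers shows whether the same source swept several networks, as described in the message.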
Current thread:
- Scans from udel.edu and tue.nl Jose Nazario (Mar 21)
- Re: Scans from udel.edu and tue.nl Alexandru Popa (Mar 22)
- Re: Scans from udel.edu and tue.nl Jose Nazario (Mar 22)
- 8 hours of pinging & POP2 Paul Tero (ME IT) (Mar 22)
- Re: Scans from udel.edu and tue.nl Ryan Russell (Mar 23)
- R: Scans from udel.edu and tue.nl Gregor Sfiligoj (Mar 22)
- Linux Security slam () THEGRID NET (Mar 22)
- Re: Scans from udel.edu and tue.nl Matthew S. Hallacy (Mar 22)
- <Possible follow-ups>
- Re: Scans from udel.edu and tue.nl Fernando Cardoso (Mar 23)
- Re: Scans from udel.edu and tue.nl Ed Padin (Mar 24)
- Re: Scans from udel.edu and tue.nl Alexandru Popa (Mar 22)