Security Incidents mailing list archives
strange HTTP scan/attack?
From: Jim Bacon <jim () TRITECH ORG>
Date: Mon, 27 Nov 2000 12:22:26 -0800
I am seeing someone repeating hitting a CGI script with a HEAD request and then submitting a query of the form: http://blah.blah.blah/cgi-bin/cgiscript/0/0/0/Angola http://blah.blah.blah/cgi-bin/cgiscript/0/0/0/England http://blah.blah.blah/cgi-bin/cgiscript/0/0/0/0/Angola http://blah.blah.blah/cgi-bin/cgiscript/0/0/0/0/England Where it cycles thru a list of all country names, then starts over with another 0 in the query string. This is coming into my server almost as fast as possible, and is somewhat annoying. Can anyone offer any clues tp what this is and what I can do about it? It appears to be originating from a UUnet dialup in the UK, so any complaints to a live human are impossible and email complaints just an excercise in my typing practice. Thanks! Jim
Current thread:
- strange HTTP scan/attack? Jim Bacon (Nov 29)
- Re: strange HTTP scan/attack? Anne Marcel Roorda (Nov 30)
- Re: strange HTTP scan/attack? Bryan Andersen (Nov 30)