Security Incidents mailing list archives
Re: site probe
From: mark Hoffman <mhoffman1 () iowatelecom net>
Date: Thu, 5 Oct 2006 22:22:58 -0500
On Thursday 05 October 2006 12:21 pm, dso wrote: This may shed some light. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5152 Or isc.sans.org
I got an interesting series of 404s on my website from 211-72-233-10.HINET-IP.hinet.net tcnuke appears to be a Chinese web portal system like phpnuke I usually get these kind of probes after an exploit has been found. In order from last to first 404 /tcnuke/bbmpg12418.zip /images/bbmpeg.html /tcnuke/asftools310_tw.zip /images/asftools310.exe /tcnuke/ttpsetup_cht.exe /tcnuke/xmplay33.zip /tcnuke/xmplay.html /tcnuke/player.php /tcnuke/cwinamp5094.exe /tcnuke/winamp53_pro.exe /tcnuke/downloader.php?plugin=2 /tcnuke/qcd451.exe /tcnuke/DLM_2200046_CHT.exe /tcnuke/mmsetup_10004015c_ENU.exe /tcnuke/3000-2167_4-10495839.html?tag=pdp_prod /includes/iTunesSetup.exe /includes/foobar2000_0.9.4.exe /hc/qcd451.exe /hc/bbmpg12418.zip /hc/asftools310_tw.zip /hc/FreeMeterSetup.exe /hc/bitpro.exe /hc/cwinamp5094.exe /hc/winamp53_pro.exe /hc/3000-2121_4-10492453.html /hc/DLM_2200046_CHT.exe /hc/mmsetup_10004015c_ENU.exe /hc/3000-2167_4-10495839.html?tag=pdp_prod /includes/3DMark06_v102_installer.exe /de/ /badfs/badfs/tw2/ /support/downloads/ /products/dexp/downloads/ /arc/ /lightning/ /images/heliattack2.php /images/view.php?nid=64 /tcnuke/d-6.htm /FastStone-Image-Viewer/ /games/cubis2/play/ /customer/ Daniel
------------------------------------------------------------------------------ This List Sponsored by: Black Hat Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas. World renowned security experts reveal tomorrow's threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 36 hands-on training courses and 10 conference tracks, networking opportunities with over 2,500 delegates from 40+ nations. http://www.blackhat.com ------------------------------------------------------------------------------
Current thread:
- site probe dso (Oct 05)
- Re: site probe mark Hoffman (Oct 06)
- <Possible follow-ups>
- RE: site probe Zed Qyves (Oct 06)