Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: lots of connections to 64.40.117.19 port 80
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Fri, 18 Apr 2008 09:04:24 -0400

Ganbold,

This sounds like a textbook case of Cross Site Scripting (XSS). 
Consider filtering user output more carefully.

J

On Fri, 18 Apr 2008 03:54:24 -0400 Ganbold <ganbold () micom mng net> 
wrote:
Hi,

Recently I have seen a lots of connections to 64.40.117.19 port 80 
in 
one of our clients network.
Connections are coming from all over the Internet (various 
different 
IPs) specifically to this IP.
Due to this problem (I guess it is DDoS) one of our router's CPU 
usage 
grew up to 100% and stopped a service
for a while.
What kind of problem this could be?
Has anybody seen this kind of attack before?
I appreciate if somebody can enlighten me in this regard.

thanks in advance,

Ganbold

-- 
The more control, the more that requires control.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

--
Click to make millions by owning your own franchise.
http://tagline.hushmail.com/fc/Ioyw6h4eB8rENcAX63OKyEklXhdt1htMFgy2tF8DC8RCA04pNI4uPe/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]