Security Incidents mailing list archives

Re: GET x HTTP/1.0


From: "Ross Oldbury" <Ross.OLDBURY () gemplus com>
Date: Tue, 24 Jul 2001 09:53:36 +0100

The second IP address is an employee of China Telecom who thinks he's a bit
of a hacker.
He tried to attack my firewall on Jun 11 & 14 without success.

Packet log: input DENY eth0 PROTO=6 202.99.64.113:33408 x.x.x.x:111 "trying
to get my RPC info or overflow bug"
I would block both the class B address ranges as they are not to be trusted.

Regards,
Ross
----- Original Message -----
From: "Greg Owen" <gowen () swynwyr com>
To: <incidents () securityfocus com>
Sent: Tuesday, July 24, 2001 2:19 AM
Subject: GET x HTTP/1.0



    Two of these showed up in my web server logs today:

202.100.68.22 - - [23/Jul/2001:11:58:37 -0400] "GET x HTTP/1.0" 400 328
202.99.64.113 - - [23/Jul/2001:17:23:44 -0400] "GET x HTTP/1.0" 400 328

inetnum              202.100.68.0 - 202.100.68.255
netname              FEITIAN-INTERNET-COMPANY
descr                Feitian Internet Company
descr                Lanzhou,Gansu
descr                China
country              CN

inetnum              202.99.64.0 - 202.99.127.255
netname              CHINANET-TJ
descr                CHINANET Tianjin province network
descr                Data Communication Division
descr                China Telecom
country              CN

    A quick Google search showed one other person wondering what it was and
commenting they mostly seemed to be China, and a bunch of server logs that
showed the same hit.

    Anybody know what this is?  The source makes me wonder.

--
        gowen -- Greg Owen -- gowen () swynwyr com
        79A7 4063 96B6 9974 86CA  3BEF 521C 860F 5A93 D66D


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
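
Added example, not part of either post: one way to find requests like the two logged above in a Common Log Format access log, by flagging request lines whose target is not one of the forms HTTP allows. The function names and the 192.0.2.x sample lines are constructed for illustration; the two 202.x lines are the ones quoted in the thread.

```python
import re
from collections import defaultdict

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')

def target_form(method, target):
    """Classify a request-target into the forms of RFC 7230 section 5.3."""
    if target.startswith("/"):
        return "origin"
    if re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", target):
        return "absolute"
    if target == "*" and method == "OPTIONS":
        return "asterisk"
    if method == "CONNECT" and re.match(r"^[^/\s]+:\d+$", target):
        return "authority"
    return None  # e.g. the bare "x" seen in this thread

def find_malformed(lines):
    """Return {client_ip: [(timestamp, request, status), ...]} for bad request lines."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue  # not a CLF line
        ip, ts, request, status, _size = m.groups()
        parts = request.split(" ")
        # Well-formed: METHOD SP target SP HTTP/x.y (HTTP/0.9 two-part lines are flagged too)
        ok = (len(parts) == 3 and parts[2].startswith("HTTP/")
              and target_form(parts[0], parts[1]) is not None)
        if not ok:
            hits[ip].append((ts, request, int(status)))
    return dict(hits)

SAMPLE = [
    # the two lines quoted in the thread
    '202.100.68.22 - - [23/Jul/2001:11:58:37 -0400] "GET x HTTP/1.0" 400 328',
    '202.99.64.113 - - [23/Jul/2001:17:23:44 -0400] "GET x HTTP/1.0" 400 328',
    # constructed well-formed requests for contrast
    '192.0.2.10 - - [23/Jul/2001:12:00:01 -0400] "GET /index.html HTTP/1.0" 200 1024',
    '192.0.2.11 - - [23/Jul/2001:12:05:09 -0400] "OPTIONS * HTTP/1.1" 200 0',
    '192.0.2.12 - - [23/Jul/2001:12:07:30 -0400] "GET http://example.com/ HTTP/1.0" 403 210',
]

if __name__ == "__main__":
    for ip, events in sorted(find_malformed(SAMPLE).items()):
        for ts, request, status in events:
            print(f"{ip}  [{ts}]  {request!r} -> {status}")
```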



