Scan from Philipine Center on Transnational Crime

From: Joe Blatz (
Date: 06/22/03

  • Next message: "Re: Intrusec 55808 Trojan Analysis"
    Date: Sun, 22 Jun 2003 11:33:03 -0700 (PDT)

    Normally I just skip over scans like this, but the
    source has aroused my curiosity.

    From 0352 - 0441 (PDT) on 6/22/03 all externally
    addressable web servers on our class B were scanned by According the APNIC this address is
    registered to the Philippine Center on Transnational
    Crime. The scan was for the Escaped Characters
    Decoding vulnerability in IIS

    It only checked
    and did not send any other packets that triggered the

    Has anyone else seen anything from the - range?

    Do you Yahoo!?
    SBC Yahoo! DSL - Now only $29.95 per month!

    Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
    world's premier technical IT security event! 10 tracks, 15 training sessions,
    1,800 delegates from 30 nations including all of the top experts, from CSO's to
    "underground" security specialists. See for yourself what the buzz is about!
    Early-bird registration ends July 3. This event will sell out.

  • Next message: "Re: Intrusec 55808 Trojan Analysis"