Scan from Philipine Center on Transnational Crime

• Previous message: gwhy555_at_yahoo.com: "Re: Intrusec 55808 Trojan Analysis"
• Next in thread: ATD: "Re: Scan from Philipine Center on Transnational Crime"
• Reply: ATD: "Re: Scan from Philipine Center on Transnational Crime"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 22 Jun 2003 11:33:03 -0700 (PDT)
To: incidents@securityfocus.com

Normally I just skip over scans like this, but the
source has aroused my curiosity.

From 0352 - 0441 (PDT) on 6/22/03 all externally
addressable web servers on our class B were scanned by
210.23.116.11. According the APNIC this address is
registered to the Philippine Center on Transnational
Crime. The scan was for the Escaped Characters
Decoding vulnerability in IIS
(http://www.securityfocus.com/bid/2708/discussion/).

It only checked
http://TARGET/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
and did not send any other packets that triggered the
IDS.

Has anyone else seen anything from the 210.23.116.8 -
210.23.116.15 range?

__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com

----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
----------------------------------------------------------------------------

• Previous message: gwhy555_at_yahoo.com: "Re: Intrusec 55808 Trojan Analysis"
• Next in thread: ATD: "Re: Scan from Philipine Center on Transnational Crime"
• Reply: ATD: "Re: Scan from Philipine Center on Transnational Crime"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]