Re: Chinese HTTP ACKs
From: Peter Kerr (p.kerr_at_auckland.ac.nz)
Date: 02/10/05
- Previous message: Frank Knobbe: "Re: Chinese HTTP ACKs"
- Maybe in reply to: David Gillett: "Chinese HTTP ACKs"
- Next in thread: Kelsey Dawes: "Re: Chinese HTTP ACKs"
- Reply: Kelsey Dawes: "Re: Chinese HTTP ACKs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 10 Feb 2005 14:46:22 -0000 To: incidents@securityfocus.com('binary' encoding is not supported, stored as-is) In-Reply-To: <1107987233.679.89.camel@localhost>
>From: Frank Knobbe <frank@knobbe.us>
>In-Reply-To: <00f101c50ed2$56e35ff0$646f1299@HURON>
>Date: Wed, 09 Feb 2005 16:13:53 -0600
...
>Oh, and they also performed proxy checks (trying GET http://
www.sohu.com
>against the tested hosts). Not really a feature of a search engine
>either :)
>
>These accesses were observed from 61.135.131.0/24 and
220.181.26.0/24.
>
>You might want to keep an eye on those subnets. Has anyone else
noticed
>attempts from Sohu or has some more information he can share
here?
>
61.128.234.194 - - [31/Jan/2005:19:12:34 +1300] "GET http://
www.sina.com.cn/ HTTP/1.1" 200 1090
Just the one GET, no other probing, also once each on 28 & 29 Jan.
There have been bots from all places except .cn looking thru my index
structure. I just assumed this guy was looking for an open proxy, didn't
find it & went away.
- Previous message: Frank Knobbe: "Re: Chinese HTTP ACKs"
- Maybe in reply to: David Gillett: "Chinese HTTP ACKs"
- Next in thread: Kelsey Dawes: "Re: Chinese HTTP ACKs"
- Reply: Kelsey Dawes: "Re: Chinese HTTP ACKs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
