Re: this is a port scan, right?

From: Allodoxaphobia (bit-bucket_at_config.com)
Date: 07/30/05


Date: 30 Jul 2005 16:11:38 GMT

On 30 Jul 2005 06:07:49 -0700, Bush is a Fascist wrote:
> Hi all,
>
> My webserver is telling me that it has received the following
> types of accesses repeatedly from several of my fellow comcast
> subscribers.
>
> 1. they access port 80 but they fail to send an HTTP
> request: zero bytes received.
>
> 2. soon after they access port 80 again and send a very short
> HTTP request, consisting of "GET /" line, a Host line,
> and sometimes a long Authentication line. My server
> successfully write()'s bytes back to the client program.
> Once, the Authentication line looked very odd, like a
> bunch of zero bytes with a chunk of perhaps program code
> in the middle.
>
> Keep in mind that no domain is associated with my server's IP.
>
> IPs of offenders are always similar to my own IP.
>
> So they're port scanning, right?

No. They are Way Past port scanning you. They've now found a 1D10T.
They're cracking -- or, attempting to crack.
Why in the hell do you have an open port 80 (or, _any_ open port)
as a ".. fellow comcast subscriber"?
It's a buffer overflow crack (attempt).

Jonesy
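
A defensive check for the pattern described in this thread, as an added example that is not part of either post: it flags requests whose auth header is oversized or carries non-printable bytes, and notes when the same client opened an empty connection shortly before. The event tuple format, the thresholds, the header-name match and the sample data are all constructed assumptions.

```python
import string

MAX_AUTH_LEN = 256    # assumed threshold: longer auth header values are suspicious
PROBE_WINDOW = 10.0   # assumed: seconds between the empty connection and the request
PRINTABLE = set(string.printable.encode()) - set(b"\r\n\x0b\x0c")

# Constructed sample events: (timestamp_seconds, client_ip, raw_bytes_received)
SAMPLE = [
    (100.0, "192.0.2.10", b""),
    (101.5, "192.0.2.10", b"GET / HTTP/1.0\r\nHost: 198.51.100.7\r\nAuthorization: Basic "
        + b"\x00" * 300 + b"\x81\xfe\xc3" + b"\x00" * 300 + b"\r\n\r\n"),
    (200.0, "192.0.2.44", b"GET / HTTP/1.1\r\nHost: example.test\r\n"
        b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n"),
    (300.0, "192.0.2.77", b""),
]

def auth_findings(raw):
    """Return findings for any header whose name starts with 'auth'."""
    findings = []
    head = raw.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:        # skip the request line
        name, sep, value = line.partition(b":")
        if not sep or not name.strip().lower().startswith(b"auth"):
            continue
        value = value.strip(b" \t")
        if len(value) > MAX_AUTH_LEN:
            findings.append("oversized-auth-header")
        if any(b not in PRINTABLE for b in value):
            findings.append("binary-in-auth-header")
    return findings

def classify(events):
    """Return (ip, findings) for each request with a suspicious auth header."""
    last_empty = {}   # ip -> time of its most recent zero-byte connection
    alerts = []
    for ts, ip, raw in sorted(events, key=lambda e: e[0]):
        if not raw:
            last_empty[ip] = ts
            continue
        findings = auth_findings(raw)
        if ip in last_empty and ts - last_empty[ip] <= PROBE_WINDOW:
            findings.insert(0, "followed-empty-connection")
        if any(f.endswith("auth-header") for f in findings):
            alerts.append((ip, findings))
    return alerts

if __name__ == "__main__":
    for ip, findings in classify(SAMPLE):
        print(ip, ", ".join(findings))
```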