From: David Powers
Date: Fri, 20 Jul 2001 20:17:59 -0500
Subject: Recent probes
To: freebsd-security@freebsd.org
Message-id: <00b401c11182$fb2f8260$0401a8c0@swbell.net>

I have been getting a rash of probes to TCP/80 recently. Is there a recent issue that they might be trying to exploit? Below is the data on the probes' origination.

/kernel: ipfw: 65435 Deny TCP 203.126.35.77:2543 64.218.90.203:80 in via tun0

; <<>> DiG 8.3 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      77.35.126.203.in-addr.arpa, type = ANY, class = IN

;; AUTHORITY SECTION:
35.126.203.in-addr.arpa.  1D IN SOA  dnspri.singnet.com.sg. hostmaster.singnet.com.sg. (
                                2000101700      ; serial
                                30M             ; refresh
                                15M             ; retry
                                1W              ; expiry
                                1D )            ; minimum

inetnum:     203.126.35.64 - 203.126.35.95
netname:     SUNRIGHT-SG
descr:       SunRight Limited
descr:       1093 Lower Delta Road
descr:       #02-01/08
descr:       Singapore 169204
country:     SG
admin-c:     SAT1-AP
tech-c:      SH9-AP
rev-srv:     dnssec1.singnet.com.sg
rev-srv:     dnssec2.singnet.com.sg
rev-srv:     dnssec3.singnet.com.sg
notify:      hostmaster@singnet.com.sg
mnt-by:      MAINT-SG-SINGNET
changed:     hostmaster@singnet.com.sg 20001016
source:      APNIC

person:      Sim Ah Tee
address:     SunRight Limited
address:     1093 Lower Delta Road
address:     #02-01/08
address:     Singapore 169204
phone:       +65 3749553
fax-no:      +65 2768426
e-mail:      srmis@pacific.net.sg
nic-hdl:     SAT1-AP
notify:      hostmaster@singnet.com.sg
mnt-by:      MAINT-SG-SINGNET
changed:     hostmaster@singnet.com.sg 20001016
source:      APNIC

person:      SingNet Hostmaster
address:     SingNet Engineering & Operations
address:     2 Stirling Road
address:     #03-00 Queenstown Exchange
address:     Singapore 148943
phone:       +65 7845922
fax-no:      +65 4753273
e-mail:      hostmaster@singnet.com.sg
nic-hdl:     SH9-AP
notify:      hostmaster@singnet.com.sg
mnt-by:      MAINT-SG-SINGNET
changed:     hostmaster@singnet.com.sg 20000921
source:      APNIC