Date: Sat, 21 Jul 2001 14:01:05 -0500
From: "Thomas T. Veldhouse" <veldy@veldy.net>
To: "David Powers" <dnpowers@swbell.net>, <freebsd-security@freebsd.org>
Subject: Re: Recent probes
Message-ID: <004601c11217$7e416fd0$0101a8c0@cascade>
References: <00b401c11182$fb2f8260$0401a8c0@swbell.net>

Yeah -- there is an IIS exploit that they seem to try on ALL servers. It will
incidentally drop a Cisco 67x DSL router if it hasn't been updated to the
latest CBOS and the web management interface is enabled.

Tom Veldhouse
veldy@veldy.net

----- Original Message -----
From: "David Powers" <dnpowers@swbell.net>
To: <freebsd-security@freebsd.org>
Sent: Friday, July 20, 2001 8:17 PM
Subject: Recent probes

> I have been getting a rash of probes to TCP/80 recently, is there a recent
> issue that they might be trying to exploit? Below is the data on the probes
> origination.
>
> /kernel: ipfw: 65435 Deny TCP 203.126.35.77:2543 64.218.90.203:80 in via
> tun0
>
> ; <<>> DiG 8.3 <<>> -x
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      77.35.126.203.in-addr.arpa, type = ANY, class = IN
>
> ;; AUTHORITY SECTION:
> 35.126.203.in-addr.arpa.  1D IN SOA  dnspri.singnet.com.sg.
> hostmaster.singnet.com.sg. (
>                 2000101700  ; serial
>                 30M         ; refresh
>                 15M         ; retry
>                 1W          ; expiry
>                 1D )        ; minimum
>
> inetnum:     203.126.35.64 - 203.126.35.95
> netname:     SUNRIGHT-SG
> descr:       SunRight Limited
> descr:       1093 Lower Delta Road
> descr:       #02-01/08
> descr:       Singapore 169204
> country:     SG
> admin-c:     SAT1-AP
> tech-c:      SH9-AP
> rev-srv:     dnssec1.singnet.com.sg
> rev-srv:     dnssec2.singnet.com.sg
> rev-srv:     dnssec3.singnet.com.sg
> notify:      hostmaster@singnet.com.sg
> mnt-by:      MAINT-SG-SINGNET
> changed:     hostmaster@singnet.com.sg 20001016
> source:      APNIC
>
> person:      Sim Ah Tee
> address:     SunRight Limited
> address:     1093 Lower Delta Road
> address:     #02-01/08
> address:     Singapore 169204
> phone:       +65 3749553
> fax-no:      +65 2768426
> e-mail:      srmis@pacific.net.sg
> nic-hdl:     SAT1-AP
> notify:      hostmaster@singnet.com.sg
> mnt-by:      MAINT-SG-SINGNET
> changed:     hostmaster@singnet.com.sg 20001016
> source:      APNIC
>
> person:      SingNet Hostmaster
> address:     SingNet Engineering & Operations
> address:     2 Stirling Road
> address:     #03-00 Queenstown Exchange
> address:     Singapore 148943
> phone:       +65 7845922
> fax-no:      +65 4753273
> e-mail:      hostmaster@singnet.com.sg
> nic-hdl:     SH9-AP
> notify:      hostmaster@singnet.com.sg
> mnt-by:      MAINT-SG-SINGNET
> changed:     hostmaster@singnet.com.sg 20000921
> source:      APNIC
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message