Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-06-20 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Honeypot Abnormality

Published: 2004-06-20
Last Updated: 2004-06-20 23:00:32 UTC
by Brian Granier (Version: 1)
0 comment(s)
Overall, there was not much of note happening on Father's Day. Just one little tidbit to mention:



One of the handlers noticed some unusual traffic on a honeypot, but we have been unable to link it to any known tool/exploit/etc...



The traffic involved a connection tcp port 29296 with the following commands:



GET /2004/6/18/18/54/15/ HTTP/1.1

User-Agent: Mozilla/777.1 (compatible; MSIE 888.12; Windows
NT 999.1)

Host: xxx.xxx.xxx.xxx:29296



If anyone recognizes this pattern and has more information please let us know.
Keywords:
0 comment(s)
Diary Archives