Honeypot Abnormality

Published: 2004-06-20
Last Updated: 2004-06-20 23:00:32 UTC
by Brian Granier (Version: 1)
0 comment(s)
Overall, there was not much of note happening on Father's Day. Just one little tidbit to mention:

One of the handlers noticed some unusual traffic on a honeypot, but we have been unable to link it to any known tool/exploit/etc...

The traffic involved a connection tcp port 29296 with the following commands:

GET /2004/6/18/18/54/15/ HTTP/1.1

User-Agent: Mozilla/777.1 (compatible; MSIE 888.12; Windows
NT 999.1)

Host: xxx.xxx.xxx.xxx:29296

If anyone recognizes this pattern and has more information please let us know.
0 comment(s)


Diary Archives