|
Overall, there was not much of note happening on Father's Day. Just one little tidbit to mention:
One of the handlers noticed some unusual traffic on a honeypot, but we have been unable to link it to any known tool/exploit/etc... The traffic involved a connection tcp port 29296 with the following commands: GET /2004/6/18/18/54/15/ HTTP/1.1 User-Agent: Mozilla/777.1 (compatible; MSIE 888.12; Windows NT 999.1) Host: xxx.xxx.xxx.xxx:29296 If anyone recognizes this pattern and has more information please let us know. |
Brian 22 Posts Jun 20th 2004 |
| Thread locked Subscribe |
Jun 20th 2004 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
