SANS ISC: Honeypot Abnormality - SANS Internet Storm Center

Honeypot Abnormality
Overall, there was not much of note happening on Father's Day. Just one little tidbit to mention:

One of the handlers noticed some unusual traffic on a honeypot, but we have been unable to link it to any known tool/exploit/etc...

The traffic involved a connection to TCP port 29296 with the following commands:

GET /2004/6/18/18/54/15/ HTTP/1.1

User-Agent: Mozilla/777.1 (compatible; MSIE 888.12; Windows NT 999.1)


If anyone recognizes this pattern and has more information please let us know.

Jun 20th 2004
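
A way to hunt for this pattern in captured requests, as an added example that is not part of the original diary: it flags User-Agent version numbers above a plausible ceiling and request paths made of six numeric segments that form a valid date-time. Reading the path as year/month/day/hour/minute/second is an assumption, as are the version ceilings, the function names and the benign comparison request.

```python
import re
from datetime import datetime

# Highest plausible major version per User-Agent token (assumed ceilings, tune locally).
PLAUSIBLE_MAX = {"Mozilla": 5, "MSIE": 11, "Windows NT": 10}
TOKEN_RE = re.compile(r"(Mozilla|MSIE|Windows NT)[/ ](\d+)")
# Six numeric path segments read as year/month/day/hour/minute/second (an assumption).
STAMP_RE = re.compile(r"^/(\d{4})/(\d{1,2})/(\d{1,2})/(\d{1,2})/(\d{1,2})/(\d{1,2})/?$")

def implausible_ua_tokens(user_agent):
    """Return version tokens whose major number exceeds the plausible ceiling."""
    return [f"{name} {major}" for name, major in TOKEN_RE.findall(user_agent)
            if int(major) > PLAUSIBLE_MAX[name]]

def path_timestamp(path):
    """Return a datetime if the path is a valid date-time in segment form, else None."""
    m = STAMP_RE.match(path)
    if not m:
        return None
    try:
        return datetime(*map(int, m.groups()))
    except ValueError:  # e.g. month 13 or hour 25: numeric, but not a timestamp
        return None

def inspect_request(raw):
    """Parse a raw HTTP request and report both anomalies described in the diary."""
    # Blank lines are skipped because the capture on the page shows one
    # between the request line and the header.
    lines = [l.strip() for l in raw.splitlines() if l.strip()]
    parts = lines[0].split() if lines else []
    path = parts[1] if len(parts) >= 2 else ""
    headers = {k.strip().lower(): v.strip()
               for k, v in (l.split(":", 1) for l in lines[1:] if ":" in l)}
    return {"bad_ua_tokens": implausible_ua_tokens(headers.get("user-agent", "")),
            "path_time": path_timestamp(path)}

# Request as shown in the diary (User-Agent on one line).
DIARY_REQUEST = ("GET /2004/6/18/18/54/15/ HTTP/1.1\r\n\r\n"
                 "User-Agent: Mozilla/777.1 (compatible; MSIE 888.12; Windows NT 999.1)\r\n")
# Constructed benign request for comparison.
BENIGN_REQUEST = ("GET /index.html HTTP/1.1\r\n"
                  "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n")

if __name__ == "__main__":
    for name, req in (("diary", DIARY_REQUEST), ("benign", BENIGN_REQUEST)):
        print(name, inspect_request(req))
```

Under that reading, the path in the diary's request decodes to 18 June 2004, 18:54:15, two days before the diary's date.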