
SANS ISC: Honeypot Abnormality SANS ISC InfoSec Forums

Honeypot Abnormality
Overall, there was not much of note happening on Father's Day. Just one little tidbit to mention:



One of the handlers noticed some unusual traffic on a honeypot, but we have been unable to link it to any known tool/exploit/etc...



The traffic involved a connection to TCP port 29296 with the following commands:



GET /2004/6/18/18/54/15/ HTTP/1.1
User-Agent: Mozilla/777.1 (compatible; MSIE 888.12; Windows NT 999.1)
Host: xxx.xxx.xxx.xxx:29296



If anyone recognizes this pattern and has more information please let us know.
Brian

Jun 20th 2004
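
One way to pick this pattern out of honeypot captures, as an added example that is not part of the original diary: it tags a request whose path parses as a date and time, whose User-Agent carries implausible version numbers, and whose Host header names an unusual port. Reading the six path segments as year/month/day/hour/minute/second, the version ceiling, the list of usual ports and the 192.0.2.10 address (standing in for the redacted host) are assumptions.

```python
import re
from datetime import datetime

# Six numeric path segments; treating them as Y/M/D/h/m/s is an assumption.
PATH_RE = re.compile(r"^/(\d{4})/(\d{1,2})/(\d{1,2})/(\d{1,2})/(\d{1,2})/(\d{1,2})/?$")
# Version tokens such as "Mozilla/777.1", "MSIE 888.12", "Windows NT 999.1".
UA_VERSION_RE = re.compile(r"(Mozilla|MSIE|Windows NT)[/ ](\d+)\.\d+")
MAX_MAJOR = 99               # assumed ceiling for a believable major version
USUAL_PORTS = {80, 443, 8080}  # assumed set of unremarkable HTTP ports

# Request from the diary; the host address is a constructed placeholder.
DIARY_REQUEST = (
    "GET /2004/6/18/18/54/15/ HTTP/1.1\r\n"
    "User-Agent: Mozilla/777.1 (compatible; MSIE 888.12; Windows NT 999.1)\r\n"
    "Host: 192.0.2.10:29296\r\n\r\n"
)


def parse_request(raw):
    """Split a raw HTTP request into (method, path, lower-cased headers)."""
    lines = [l for l in raw.replace("\r\n", "\n").split("\n") if l.strip()]
    method, path, _version = lines[0].split(" ", 2)
    fields = (l.partition(":") for l in lines[1:])
    headers = {n.strip().lower(): v.strip() for n, sep, v in fields if sep}
    return method, path, headers


def flag_request(raw):
    """Return the list of anomaly tags found in one captured request."""
    _method, path, headers = parse_request(raw)
    tags = []
    m = PATH_RE.match(path)
    if m:
        try:
            datetime(*map(int, m.groups()))  # rejects e.g. month 13
            tags.append("path-is-timestamp")
        except ValueError:
            pass  # six numbers, but not a valid date and time
    ua = headers.get("user-agent", "")
    if any(int(major) > MAX_MAJOR for _name, major in UA_VERSION_RE.findall(ua)):
        tags.append("ua-implausible-version")
    port = headers.get("host", "").partition(":")[2]
    if port.isdigit() and int(port) not in USUAL_PORTS:
        tags.append("nonstandard-port")
    return tags


if __name__ == "__main__":
    print(flag_request(DIARY_REQUEST))
```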
