From lordharv@clark.net  Thu Jul 25 07:28:05 1996
Received: from mail.Clark.Net (mail.clark.net [168.143.0.10]) by suburbia.net (8.7.4/Proff-950810) with ESMTP id HAA12370 for <best-of-security@suburbia.net>; Thu, 25 Jul 1996 07:27:54 +1000
Received: from clark.net (root@clark.net [168.143.0.7]) by mail.Clark.Net (8.7.3/8.6.5) with ESMTP id RAA28870; Wed, 24 Jul 1996 17:27:43 -0400 (EDT)
Received: from clark.net (lordharv@localhost [127.0.0.1]) by clark.net (8.7.1/8.7.1) with ESMTP id RAA08942; Wed, 24 Jul 1996 17:27:42 -0400 (EDT)
Message-Id: <199607242127.RAA08942@clark.net>
To: Eric Jacksch <jacksch@tenebris.com>
cc: Randy Terbush <randy@zyzzyva.com>, best-of-security@suburbia.net,
        lordharv@clark.net
Subject: Re: BoS: Agressive Web Vulnerability Probe 
In-reply-to: Your message of "Wed, 24 Jul 1996 13:08:00 EDT."
             <Pine.LNX.3.91.960724130656.14984I-100000@vision.tenebris.com> 
Date: Wed, 24 Jul 1996 17:27:41 -0400
From: Lord Harvey Randomfactor <lordharv@clark.net>

> On Wed, 24 Jul 1996, Randy Terbush wrote:
> 
> > I'm forwarding the following log info for a recent probe on some of
> > our web servers. From conversations with other web admins across the
> > country, this probe has been extremely far reaching. Attempts to
> > contact the source of the probe have been unsuccessful.
> 
> > sentry.wood.com - - [14/Jul/1996:22:43:17 -0500] "GET /cgi-bin/phf?Qalias=foo%0a
> > id" 404 419
> 
> We've logged that on a number of servers in this area.  Email to wood.com,
> and a phone call to their service provider has not been returned.
> 
> Regards,
> Eric

Hrm - I've been seeing like stuff, but not from wood.com. What you two
have seen is not all that different from what I've seen, so there's
nothing new I can add. Since I have httpd wrappered, I think I'll just go
ahead and block wood.com now. Thanks for the heads-up, guys.

LHR
> 
> Ottawa, Ontario, Canada
> 
> ---------------------------------------------------
>     Eric Jacksch         Tenebris Technologies Inc.
> jacksch@tenebris.com      http://www.tenebris.com
> ---------------------------------------------------
> 
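A log check for the request shape in the quoted access-log entry, as an added example that is not part of the original message: it flags /cgi-bin/ requests whose query string decodes to a control character such as the %0a newline, and separates refused requests (like the 404 above) from ones the server actually answered. The host names and sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote

# Common Log Format: host ident user [time] "METHOD target [PROTO]" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) ([^\s"]+)[^"]*" (\d{3}) \S+$')
CONTROL = re.compile(r'[\x00-\x1f\x7f]')  # newline, CR, NUL and other control bytes

def decode_query(query, rounds=3):
    """Percent-decode up to `rounds` times so a double-encoded %250a is caught too."""
    for _ in range(rounds):
        nxt = unquote(query)
        if nxt == query:
            break
        query = nxt
    return query

def inspect(line):
    """Return a finding for a /cgi-bin/ request carrying a control character
    in its decoded query string, or None for anything else."""
    m = CLF.match(line.strip())
    if not m:
        return None  # not a Common Log Format line
    host, when, _method, target, status = m.groups()
    parts = urlsplit(target)
    if not parts.path.lower().startswith("/cgi-bin/"):
        return None
    decoded = decode_query(parts.query)
    if not CONTROL.search(decoded):
        return None
    return {"host": host, "time": when, "script": parts.path,
            "status": int(status), "query": decoded}

def summarize(lines):
    """Collect findings, count them per source host, and list the ones the
    server answered with 2xx (script present and executed, so follow up)."""
    findings = [f for f in map(inspect, lines) if f]
    per_host = Counter(f["host"] for f in findings)
    served = [f for f in findings if 200 <= f["status"] < 300]
    return findings, per_host, served

# Constructed sample lines, modelled on the entry quoted in the message.
SAMPLE = [
    'probe.example.net - - [14/Jul/1996:22:43:17 -0500] "GET /cgi-bin/phf?Qalias=foo%0aid" 404 419',
    'probe.example.net - - [14/Jul/1996:22:43:19 -0500] "GET /cgi-bin/phf?Qalias=foo%0Aid HTTP/1.0" 200 87',
    'user.example.org - - [14/Jul/1996:22:44:02 -0500] "GET /cgi-bin/search?q=web+servers HTTP/1.0" 200 1532',
    'user.example.org - - [14/Jul/1996:22:44:10 -0500] "GET /index.html HTTP/1.0" 200 2048',
]
```

A 404 on a flagged line means the script was not installed; a 2xx on a flagged line is the case that needs a closer look at the host.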

