[Dshield] http "get x" requests?

John Sage jsage at finchhaven.com
Sun May 12 16:08:35 GMT 2002


Unless I'm missing something entirely, this appears to have originated
in CN...

> > 61.156.9.133 gsa.creighton.edu - [10/May/2002:13:45:52 -0500] "GET x

BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
© 1999-2001 William E. Weinman 

% Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.html
% (whois6.apnic.net) 

inetnum:     61.156.0.0 - 61.156.255.255

netname:     CHINANET-SD
descr:       CHINANET Shandong province network
descr:       Data Communication Division
descr:       China Telecom
country:     CN
admin-c:     CH93-AP
tech-c:      XZ14-AP
mnt-by:      MAINT-CHINANET
mnt-lower:   MAINT-ZXF
changed:     hostmaster at ns.chinanet.cn.net 20000701
source:      APNIC 

person:      Chinanet Hostmaster
address:     A12,Xin-Jie-Kou-Wai Street
country:     CN
phone:       +86-10-62370437
fax-no:      +86-10-62053995
e-mail:      hostmaster at ns.chinanet.cn.net
nic-hdl:     CH93-AP
mnt-by:      MAINT-CHINANET
changed:     hostmaster at ns.chinanet.cn.net 20000101
source:      APNIC 

person:      XIAOFENG ZHANG
address:     Shandong Public Information Service Bureau
address:     No.77 Jingsan Road,Jinan,Shandong P.R China
country:     CN
phone:       +86-531-6052163
fax-no:      +86-531-6052414
e-mail:      ip at pub.sd.cninfo.net
nic-hdl:     XZ14-AP
mnt-by:      MAINT-ZXF
changed:     zxf at sdinfo.net 20001012
source:      APNIC


- John
-- 
Most people don't type their own logfiles;  but, what do I care?

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 



On Sat, May 11, 2002 at 09:11:17PM +0200, Uros Vovcak wrote:
> where is the log that confirms our client involvement...???
> Get x is method that client was triggered to the server


> ----- Original Message -----
> From: "Brenna Primrose" <drxlecter at phreaker.net>
> To: <list at dshield.org>
> Sent: Friday, May 10, 2002 8:53 PM
> Subject: [Dshield] http "get x" requests?
> 
> 
> > Someone did a mass scan of our http servers today...I am not familiar
> > with this.
> >
> > 61.156.9.133 gsa.creighton.edu - [10/May/2002:13:45:52 -0500] "GET x
> > HTTP/1.0" 400 2498 "" ""
> >
> > What is "GET x"?
> >
> > Thanks,
> > Brenna
> >




More information about the list mailing list