[Dshield] Port 80 followed by 2238

Dave fb0xwp802 at sneakemail.com
Tue Dec 27 03:23:31 GMT 2005


Here's one I haven't seen: An initial port 80 attack followed by 2 port
2238 probes at 10 minute intervals...

Dec 26 21:08:38 mysys apache[29611]: [error] [client xxx.205.250.128] Invalid method in request \\xa2\\xff\\x06
Dec 26 21:19:05 mysys : Initial Connect - tarpitting: xxx.205.250.128 50785 -> <my-ip> 2238
Dec 26 21:28:18 mysys : Initial Connect - tarpitting: xxx.205.250.128 50214 -> <my-ip> 2238

What is it?

/dave
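
The correlation described in this message (a malformed HTTP request, then connects from the same source to a tarpitted port) can be pulled out of a mixed syslog file with a short script. This is an added example, not part of the original post; the 30-minute window, the supplied year (syslog timestamps omit it) and the sample addresses are assumptions, while the two line formats are the ones quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the two log formats quoted in the post.
# All addresses are documentation ranges, not real hosts.
SAMPLE = r"""
Dec 26 21:08:38 mysys apache[29611]: [error] [client 192.0.2.128] Invalid method in request \xa2\xff\x06
Dec 26 21:19:05 mysys : Initial Connect - tarpitting: 192.0.2.128 50785 -> 203.0.113.10 2238
Dec 26 21:28:18 mysys : Initial Connect - tarpitting: 192.0.2.128 50214 -> 203.0.113.10 2238
Dec 26 22:40:00 mysys : Initial Connect - tarpitting: 198.51.100.7 40000 -> 203.0.113.10 135
Dec 26 23:00:00 mysys apache[29611]: [error] [client 198.51.100.9] Invalid method in request \x00
"""

TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ "
# Source fields are matched loosely so masked addresses (xxx.…, <my-ip>) still parse.
APACHE = re.compile(TS + r"apache\[\d+\]: \[error\] \[client (?P<src>[^\]]+)\] Invalid method in request")
TARPIT = re.compile(TS + r": Initial Connect - tarpitting: (?P<src>\S+) \d+ -> \S+ (?P<dport>\d+)")

def parse(ts, year):
    # Syslog omits the year; the caller supplies it (assumption: one year per file).
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def correlate(lines, window=timedelta(minutes=30), year=2005):
    """Return {src: [(seconds_after_http_error, dport), ...]} for sources that
    sent a malformed HTTP request and then hit a tarpitted port within `window`."""
    first_http = {}              # src -> time of its first malformed request
    hits = defaultdict(list)
    for line in lines:
        m = APACHE.match(line)
        if m:
            first_http.setdefault(m["src"], parse(m["ts"], year))
            continue
        m = TARPIT.match(line)
        if m and m["src"] in first_http:
            delta = parse(m["ts"], year) - first_http[m["src"]]
            if timedelta(0) <= delta <= window:
                hits[m["src"]].append((int(delta.total_seconds()), int(m["dport"])))
    return dict(hits)

if __name__ == "__main__":
    for src, follow_ups in correlate(SAMPLE.splitlines()).items():
        print(src, follow_ups)
```

Sources that only tripped the tarpit, or only sent a bad HTTP request, are left out, so the output lists just the hosts showing the two-stage pattern and the delay before each follow-up connect.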

