[Dshield] automated probe?
bf at coffeecrew.org
Wed May 14 11:37:38 GMT 2008
It is a probe for Frontpage Server Extensions, as you can see from the fp30.reg.dll.
And the x90 is a noop and therefore looks like a Buffer Overflow.
It seems to be very old.
----- "Rick Leir" <rdshield at leirtech.com> wrote:
> The same someone is probing my apache every few days. I can
> a badguy probing once, but it seems to be automated. What is
> From my logwatch:
> A total of 1 sites probed the server
> Requests with error response codes
> 404 Not Found
> /_vti_bin/_vti_aut/fp30reg.dll: 1 Time(s)
> 414 Request-URI Too Large
> /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\ ...
> 1 Time(s)
> ARIN whois:
> PPPoX Pool - Bras2 stlsmo 062104-1903.615166
> SBC06915502800023040926182104 (NET-69-155-28-0-1)
> 22.214.171.124 - 126.96.36.199
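Added example, not part of the original thread: a small Python triage script that flags the two request types discussed above (requests under `/_vti_bin/` and URIs padded with `\xhh`-escaped bytes) in an Apache access log and reports sources that return on more than one day. It assumes the Apache common/combined log format; the function names, the `MIN_ESCAPED` threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache common/combined prefix: host ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*?)" (\d{3}) \S+')
FP_PATH = "/_vti_bin/"                            # FrontPage Server Extensions directory
ESCAPED_BYTE = re.compile(r"\\x[0-9a-fA-F]{2}")   # Apache logs raw bytes as \xhh
MIN_ESCAPED = 8   # assumed threshold: this many escaped bytes means binary padding

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = r'''
192.0.2.10 - - [10/May/2008:03:12:01 +0000] "GET /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 210
192.0.2.10 - - [10/May/2008:03:12:02 +0000] "GET /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9" 414 340
198.51.100.7 - - [11/May/2008:09:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.10 - - [13/May/2008:03:40:17 +0000] "GET /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 210
'''

def classify(request):
    """Return the set of probe tags that apply to one logged request line."""
    tags = set()
    if FP_PATH in request.lower():
        tags.add("frontpage-probe")
    if len(ESCAPED_BYTE.findall(request)) >= MIN_ESCAPED:
        tags.add("binary-uri")
    return tags

def summarize(log_text):
    """Map each source address to the probe tags seen and the days it appeared."""
    seen = defaultdict(lambda: {"tags": set(), "days": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # blank or malformed line
        host, when, request, _status = m.groups()
        tags = classify(request)
        if tags:
            seen[host]["tags"] |= tags
            seen[host]["days"].add(when.split(":")[0])   # keep dd/Mon/yyyy only
    return dict(seen)

def recurring(summary, min_days=2):
    """Sources that probed on at least min_days distinct days (likely automated)."""
    return sorted(h for h, v in summary.items() if len(v["days"]) >= min_days)

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for host in recurring(result):
        print(host, sorted(result[host]["tags"]), sorted(result[host]["days"]))
```
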