Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Honeypot Abnormality SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Honeypot Abnormality
Overall, there was not much of note happening on Father's Day. Just one little tidbit to mention:



One of the handlers noticed some unusual traffic on a honeypot, but we have been unable to link it to any known tool/exploit/etc...



The traffic involved a connection tcp port 29296 with the following commands:



GET /2004/6/18/18/54/15/ HTTP/1.1

User-Agent: Mozilla/777.1 (compatible; MSIE 888.12; Windows
NT 999.1)

Host: xxx.xxx.xxx.xxx:29296



If anyone recognizes this pattern and has more information please let us know.
Brian

22 Posts

Sign Up for Free or Log In to start participating in the conversation!