Overall, there was not much of note happening on Father's Day. Just one little tidbit to mention:
One of the handlers noticed some unusual traffic on a honeypot, but we have been unable to link it to any known tool/exploit/etc...
The traffic involved a connection tcp port 29296 with the following commands:
GET /2004/6/18/18/54/15/ HTTP/1.1
User-Agent: Mozilla/777.1 (compatible; MSIE 888.12; Windows
If anyone recognizes this pattern and has more information please let us know.
Jun 20th 2004
1 decade ago