GS2
WsIRT Handler
Joined: Sep 04, 2007
Posts: 24
Location: Uk
|
 Posted: Thu Nov 29, 2007 3:27 pm Post subject: [WsIRT#87] id Disclosure |
|
|
Attack Alert
Full Report:  /id_Disclosure_attack87.html
Changed status to confirmed attack.
The machine hosting this script is being used as a source of software to launch attacks against other systems. The script uses an exploit to remotely inject the code; if successfull the functions of the exploit would enable the attacker to identify the web daemon's user identity 'id', and therefore the level of permissions it has. The script has no useful purpose but an attempt to identify if a server is open for further compromise.
IP Converted: 207.217.125.50
dword = 3487137074
hex1 = 0xcfd97d32
hex2 = 0xcf.0xd9.0x7d.0x32
oct = 0317.0331.0175.062
View CIDR AS4355 Report: http://www.cidr-report.org/cgi-bin/as-report?as=4355
"4355 | US | arin | 2000-04-20 | ERMS-EARTHLNK - EARTHLINK, INC."<br />
Extended information for AS4355:
State/Province: ga
Country: us
Responsible Domain: earthlink.net
Abuse Email: abuse@earthlink.net
The WHOIS registration information indicates this domain was created 2007/11/16. We request that the registrar of the domain undertake an investigating for breaches of both their "Domain name registration agreement" and "Acceptable Use Policy".
| Quote: | | http://cotine.net/id.txt? |
|
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
