Yet another IP banned

Noticed two interesting hits in the http://www.tedroche.com web server log today:

2004-01-18 13:05:56 203.177.113.121 - 192.168.1.98 80 GET /_vti_bin/owssvr.dll UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1)

2004-01-18 13:05:58 203.177.113.121 - 192.168.1.98 80 GET /MSOffice/cltreq.asp UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0|-|0|404_Object_Not_Found 404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1)

I’d guess that the first is a call to the Outlook Web Service for exchange, and the second a probe to see if there’s an MSOffice or Office Web Parts installation on the machine, each presumably exploiting a Microsoft security problem.

The address of the inquirer is located in the Phillipines. I don’t really know enough to determine if that is a compromised machine, or if that is the location of the malicious attack. You’d presume they’d hide themselves, but this isn’t my specialty. I just ban the IP addresses I see.

No comments yet.

Leave a Reply

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.