Odd HTTP Request from China

  1. #1
    Junior Member
    Join Date
    Jun 2006
    Posts
    8

    Odd HTTP Request from China

    One of my honeypots got this a few hours ago; perhaps someone has an idea of what's going on.

    61.182.199.238 - Tue, 13 Jun 2006 18:05:24 CST
    GET / HTTP/1.1
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
    Host: ***.***.***.*** The honeypot's IP Address, not a hostname or anything
    Connection: Keep-Alive


    61.182.199.238 - Tue, 13 Jun 2006 18:05:26 CST
    SEARCH / HTTP/1.1
    Host: ***.***.***.*** The honeypot's IP Address, not a hostname or anything

    A whois of 61.182.199.238 returns:

    % [whois.apnic.net node-2]
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

    inetnum: 61.182.199.0 - 61.182.199.255
    netname: SHIJIAZHUANG-TELEVISION-EDUCATION-ADMINISTRATION-CENTER
    country: CN
    descr: SHIJIAZHUANG TELEVISION EDUCATION ADMINISTRATION CENTER
    admin-c: XW33-AP
    tech-c: XW33-AP
    status: ASSIGNED NON-PORTABLE
    changed: wangxueping@heinfo.net 20040117
    mnt-by: MAINT-CNCGROUP-HE
    source: APNIC

    route: 61.182.0.0/16
    descr: CNC Group CHINA169 Hebei Province Network
    country: CN
    origin: AS4837
    mnt-by: MAINT-CNCGROUP-RR
    changed: abuse@cnc-noc.net 20060118
    source: APNIC

    person: Xueping Wang
    nic-hdl: XW33-AP
    e-mail: wangxueping@heinfo.net
    address: FanXi Road 19#
    address: Shi Jia Zhuang, HeBei Province
    address: China
    phone: +86-311-6685271
    fax-no: +86-311-6685210
    country: CN
    changed: wangxueping@heinfo.net 20031211
    mnt-by: MAINT-CNCGROUP-HE
    source: APNIC

    It appears to be someone using IE and Windows 98 in China, who's just happened to stumble across my IP.
    What I don't get is why? Perhaps there's something I'm missing.

    Brett

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Nothing odd about it. The SEARCH method is part of WebDAV. IE does this automagically (if Office is also installed). In the past there were some issues with WebDAV. Some worms abuse this. This is probably one of them.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
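
One way to triage this kind of traffic in a honeypot log, as an added example that is not part of either post: it parses entries laid out like the log in post #1 and reports requests that use a WebDAV method, noting whether they carried no User-Agent and whether they followed a GET from the same source within a few seconds. The sample addresses, the PROPFIND entry, the function names and the 10-second window are constructed assumptions.

```python
import re
from datetime import datetime

# WebDAV methods from RFC 4918, plus SEARCH from RFC 5323.
WEBDAV_METHODS = set("PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK SEARCH".split())
ENTRY_RE = re.compile(r"^(\S+) - \w{3}, (\d{1,2} \w{3} \d{4} [\d:]{8}) \w+$")
REQUEST_RE = re.compile(r"^([A-Z]+) \S+ HTTP/\d\.\d$")
# Constructed sample in the layout of the honeypot log (documentation addresses).
SAMPLE_LOG = """\
192.0.2.10 - Tue, 13 Jun 2006 18:05:24 CST
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
Host: 203.0.113.5
192.0.2.10 - Tue, 13 Jun 2006 18:05:26 CST
SEARCH / HTTP/1.1
Host: 203.0.113.5
198.51.100.7 - Tue, 13 Jun 2006 18:07:01 CST
PROPFIND / HTTP/1.1
Host: 203.0.113.5
"""

def parse_entries(text):
    # One dict per request: ip, time (naive, log-local), method, headers.
    entries, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        start = ENTRY_RE.match(line)
        if start:
            when = datetime.strptime(start.group(2), "%d %b %Y %H:%M:%S")
            cur = {"ip": start.group(1), "time": when, "method": None, "headers": {}}
            entries.append(cur)
        elif cur is not None and cur["method"] is None:
            req = REQUEST_RE.match(line)
            cur["method"] = req.group(1) if req else None
        elif cur is not None and ":" in line:
            name, value = line.split(":", 1)
            cur["headers"][name.strip().lower()] = value.strip()
    return entries

def flag_webdav_requests(entries, window=10):
    # Report WebDAV-method requests with two context flags for triage.
    findings, last_get = [], {}
    for e in entries:
        prev = last_get.get(e["ip"])
        if e["method"] == "GET":
            last_get[e["ip"]] = e["time"]
        elif e["method"] in WEBDAV_METHODS:
            near = prev is not None and 0 <= (e["time"] - prev).total_seconds() <= window
            findings.append({"ip": e["ip"], "method": e["method"],
                             "no_user_agent": "user-agent" not in e["headers"], "follows_get": near})
    return findings
```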
