[Emerging-Sigs] lots of hits on ET CURRENT_EVENTS Unknown Roundcube Vulnerability Scan Variant 2

Matt Jonkman jonkman at jonkmans.com
Wed Jan 14 13:12:39 EST 2009


Are you running Roundcube? Do you have something at the URI?

Interesting that you're getting hit heavily by one place...

Russell Fulton wrote:
> Just one host...
> 
> META
> SID    CID    TimeStamp    Signature    Sig ID
> 6    24198529    2009-01-14 10:51:36    ET CURRENT_EVENTS Unknown Roundcube Vulnerability Scan Variant 2    2008990
> Sensor Hostname    Sensor Interface
> monitor-dmzo.isec.auckland.ac.nz    dmz sensor
> IP
> Source Address    Dest Address    Ver    Hdr Len    TOS    length    ID    flags    offset    TTL    chksum
> 24.213.90.168    130.216.33.129    4    5    0    227    37899    2    0    43    41779
> Resolved Source    Resolved Dest
> unknown.caratnetworks.com    csivm1.cs.auckland.ac.nz
> TCP
> Source Port    Dest Port    Seq    Ack    Offset    Reserved    Flags    Window    Checksum    Urgent Ptr
> 41933    80    1710443432    3511506871    8    0    24    54    53595    0
> Options
> None
> Flags
> RB 1    RB 0    URG    ACK    PSH    RST    SYN    FIN
>             X     X            
> 
> DATA   
> 
> GET /mail/bin/msgimport HTTP/1.1..User-Agent: Mozilla/5.0 (W
> indows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/20081201
> 22 Firefox/3.0.5..Host: 130.216.33.129..Accept: */*....
> 
> 
> 

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
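
An added example, not part of the original thread or of any Emerging Threats code: a Python helper that undoes the alert console's column wrap and "."-for-non-printable rendering in the DATA pane to recover the requested URI and headers, and decodes the numeric TCP Flags field (24), which are the facts needed to answer the questions in the reply above. Function names are hypothetical, and treating ".." as CRLF is an assumption that breaks if a header value itself contains two consecutive dots.

```python
# Added example: recover the HTTP request from the alert's DATA pane.
# DUMP is the payload as quoted in the alert: wrapped at 60 columns, with
# non-printable bytes (here CR and LF) rendered as ".".
DUMP = (
    "GET /mail/bin/msgimport HTTP/1.1..User-Agent: Mozilla/5.0 (W\n"
    "indows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/20081201\n"
    "22 Firefox/3.0.5..Host: 130.216.33.129..Accept: */*....\n"
)

# TCP flag bits, low bit first; "RB 0"/"RB 1" are the console's labels
# for the two high bits (0x40 and 0x80).
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "RB 0", "RB 1"]


def parse_dump(dump):
    """Return method, URI, version and headers from the wrapped ASCII dump."""
    flat = "".join(dump.splitlines())      # undo the column wrap
    head = flat.partition("....")[0]       # "...." = CRLF CRLF, end of headers
    lines = head.split("..")               # assumption: ".." = CRLF
    method, uri, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(": ")
        if sep:                            # skip fragments that are not headers
            headers[name.lower()] = value
    return {"method": method, "uri": uri, "version": version, "headers": headers}


def decode_tcp_flags(value):
    """Names of the bits set in the alert's numeric TCP Flags field."""
    return [name for bit, name in enumerate(TCP_FLAGS) if value & (1 << bit)]


def summarize(dump, flags_value):
    """Collect the fields a responder checks first for this alert."""
    req = parse_dump(dump)
    flags = decode_tcp_flags(flags_value)
    return {
        "uri": req["uri"],
        "host": req["headers"].get("host"),
        "user_agent": req["headers"].get("user-agent"),
        "flags": flags,
        # A data segment with ACK and no SYN belongs to an already open
        # connection, so something accepted the connection on port 80.
        "established": "ACK" in flags and "SYN" not in flags,
    }


if __name__ == "__main__":
    for key, value in summarize(DUMP, 24).items():
        print(f"{key}: {value}")
```

The recovered URI is what to look for on the destination web server, and the Host header holding a bare IP address shows the client addressed the server by IP rather than by name.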



