[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80
- To: full-disclosure@xxxxxxxxxxxxxxxxx, ganbold@xxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] lots of connections to 64.40.117.19 port 80
- From: "Joey Mengele" <joey.mengele@xxxxxxxxxxxx>
- Date: Fri, 18 Apr 2008 09:04:24 -0400
Ganbold,
This sounds like a textbook case of Cross Site Scripting (XSS).
Consider filtering user output more carefully.
J
On Fri, 18 Apr 2008 03:54:24 -0400 Ganbold <ganbold@xxxxxxxxxxxxx>
wrote:
>Hi,
>
>Recently I have seen a lots of connections to 64.40.117.19 port 80
>in
>one of our clients network.
>Connections are coming from all over the Internet (various
>different
>IPs) specifically to this IP.
>Due to this problem (I guess it is DDoS) one of our router's CPU
>usage
>grew up to 100% and stopped a service
>for a while.
>What kind of problem this could be?
>Has anybody seen this kind of attack before?
>I appreciate if somebody can enlighten me in this regard.
>
>thanks in advance,
>
>Ganbold
>
>--
>The more control, the more that requires control.
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
--
Click to make millions by owning your own franchise.
http://tagline.hushmail.com/fc/Ioyw6h4eB8rENcAX63OKyEklXhdt1htMFgy2tF8DC8RCA04pNI4uPe/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/