I have been getting these too.
Here is the scary part:
I got repetitive scans for this and other vulnerability scans, lumped together
and not making any sense (the requests would not return any usable user data
and are out of context)>
I complained logged a request for prosecution on a European attack source, and
on their provider.
Since 24h after that, all such scans stopped, I did not see one for three days
now.
There were some every day.
It is one source, using probably compromised servers all over the world (why
would Chinese origins and European origins stop at the same time?)
There were also always correlated connection requests after a scan (this is a
honeypot, I am good!) from other IPs in sequence after such a scan.
Sure, hhere are script kiddies out there.
This is one organization using worldwide - eventually compromised - hosts to
scan periodically, probably the whole 'I'.
Wonder who could that be, who just got ratted out to a foreign coutrie's
justics system....
me, safe and secure behind my systems
microsoft free of course...........
This is very significant, since these scans happened a couple of times a day
(less than a dozen) from different IPs all over the world.
I bet, the moment this message here percolated, just to prove the point, that
organization will launch at least one new scan, within baout 12h.
me
-------------------------------------------------------------------------
This List Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download AppScan 6.0 today.
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------
