Sonntag, 30. August 2015

The /tmUnblock.cgi attack

I guess you all know about the /tmUnblock.cgi stuff, like discussed on SANS.
Basically this is all about an Linksys related vulnerability.

To clean up my vacation logs :-) I will just post the IPs I have seen

 110.170.205.51
 119.42.100.97
 184.63.49.75
 188.66.67.75
 189.111.224.206
 24.5.88.185
 62.16.232.164
 72.131.123.9
 72.230.248.73
 73.169.21.22
 79.18.235.38
 104.220.0.141
 149.129.69.111
 193.106.234.32
 208.91.177.236
 67.242.13.119
 68.51.170.119
 75.128.82.173
 89.232.118.181