Ok ok, so in the day and age of spoofed IP addresses and such I shouldn't read too much into this but I did think it was kinda funny.
I was going through my access logs on my webserver. It's just a little project box that I but some of my 914/VW content. More VW content than anything else really. Like I say it's just something to help me learn Linux and Apache.
I use PF to block request from IP ranges that I see frequent activity from. FWIW, if you're in most of Asia, parts of France and a few places in northern Europe, you probably can't see my site listed in my signature.
Anyway, checking the logs today I see the following buffer overflow attempt.
"148.203.151.18 - - [14/May/2004:20:14:02 -0400] "SEARCH /\x90\x02±......"
I ran a whois on the IP and got this and thought I'd share...
whois 148.203.151.18
[Querying whois.arin.net]
[Redirected to whois.lacnic.net]
[Querying whois.lacnic.net]
[whois.lacnic.net]
% Copyright LACNIC lacnic.net
% The data below is provided for information purposes
% and to assist persons in obtaining information about or
% related to AS and IP numbers registrations
% By submitting a whois query, you agree to use this data
% only for lawful purposes.
% 2004-05-20 11:19:55 (BRT -03:00)
inetnum: 148.203/16
status: reassigned
owner: Volkswagen de Mexico, S.A. de C.V.
ownerid: MX-VMSC1-LACNIC
address: Autopista Mexico-Puebla Km. 875
address: Apartado Postal 875
address: Puebla, Puebla
country: MX
owner-c: TS1476-ARIN
inetrev: 148.203/16
nserver: IZTA.VW-GEDAS.COM.MX
nsstat: 20040519 AA
nslastaa: 20040519
nserver: PICO.VW-GEDAS.COM.MX
nsstat: 20040519 UH
nslastaa: 20031003
created: 19941020
changed: 19960603
inetnum-up: 148.203/16
source: ARIN-LACNIC-TRANSITION
nic-hdl: TS1476-ARIN
person: Thorsten Sommer
e-mail: tsommer@NOC.UDLAP.MX
address: Volkswagen-Gedas
address: Autopista Mexico-Puebla Km. 875
address: Apartado Postal 875
address: Puebla, Puebla
country: MX
phone: (5222) 234152
source: ARIN-LACNIC-TRANSITION
Looks like the man is trying to put me down.