RE: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!

From: Aditya, ALD [Aditya Lalit Deshmukh] (aditya.deshmukh_at_online.gateway.technolabs.net)
Date: 06/10/04

    To: "Billy B. Bilano" <mr.bill.bilano@email.server.unix.bill.bilano.biz>, <full-disclosure@lists.netsys.com>
    Date: Thu, 10 Jun 2004 19:11:37 +0530
    
    

    >
    > Steve,
    >
    > Sorry to say but it is not! I checked my incoming traffic again this
    > morning and the attack on port 443 is still coming in full steam ahead!
    > I don't know

    COULDN'T THIS BE AN SSL DENIAL OF SERVICE ATTACK? SSL requires quite a lot of resources, and if you have a web server running then it might be a DoS attack. Otherwise, could you please post some packets of the captured traffic and also the binary that is listening on that port?

    > what's going on, but I am about to block that port on my firewall. Some
    > nitwit (probably the idiot that was here before I became IT Director)
    > somehow, for some reason, deliberately opened port 443 on the firewalls!

    There might be a valid reason for the open port.

    > I am beginning to think that this is the first wave of the new coming
    > global crypto-storm!

    Get cover, prepare for the storm all.

    -aditya
