Re: Your focus-ms / focus-ids posting...
From: Greg Shipley (gshipley@neohapsis.com)Date: 09/19/01
- Previous message: Stuart Staniford: "Re: Snort and SourceFire Commercial Support"
- In reply to: Jose Nazario: "Re: Your focus-ms / focus-ids posting..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 19 Sep 2001 12:13:12 -0500 (CDT) From: Greg Shipley <gshipley@neohapsis.com> To: Jose Nazario <jose@biocserver.BIOC.cwru.edu> Subject: Re: Your focus-ms / focus-ids posting... Message-ID: <Pine.LNX.4.33.0109191211000.13742-100000@7of9.neohapsis.com>
On Wed, 19 Sep 2001, Jose Nazario wrote:
> On Wed, 19 Sep 2001, Naseer Bhatti wrote:
>
> > The alarming one is server1.sans.org (167.216.133.33 )
>
> my best guess so far is an attempt to DoS the SANS server offline with
> flooding traffic. i just don't think SANS would be associated, even
> remotely (ie a rogue employee), with something like this.
Agreed. I really don't think SANS is affiliated with this (outside of
reporting on it). I would say that I *KNOW* SANS isn't affiliated, but at
this day in age, I'm not sure I know anything for sure. :)
This isn't the first time someone has either spoofed, or embedded, SANS'
related attributes into a hostile act. Let's face it, SANS is an easy
target when it comes to this type of crap.
-Greg
- Previous message: Stuart Staniford: "Re: Snort and SourceFire Commercial Support"
- In reply to: Jose Nazario: "Re: Your focus-ms / focus-ids posting..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
