Has anyone seen this pattern?
From: VanMeter, John (John.VanMeter@ost.dot.gov)
Date: 10/19/01
Message-ID: <23C309FEA282A943AE132127AABBC1E7232B68@ostex001.ad.ost.dot.gov>
From: "VanMeter, John" <John.VanMeter@ost.dot.gov>
To: "Incidents (E-mail)" <INCIDENTS@SECURITYFOCUS.COM>, "SECURITY-BASICS (E-mail)" <SECURITY-BASICS@SECURITYFOCUS.COM>
Subject: Has anyone seen this pattern?
Date: Fri, 19 Oct 2001 09:13:34 -0400

Interesting pattern... If you look at the information below, you can see two
things.

1. All IP addresses start in 199.x.x.x
2. The attacks use the same 13 Attempted HTTP Attacks and 14 Suspicious URL

The only different one was 199.111.x.x, which used 26 HTTP Attacks and 26
Suspicious URL.

13 Oct 2001

199.219.x.x
    13 Attempted HTTP Attack
    14 Suspicious URL
199.104.x.x
    13 Attempted HTTP Attack
    14 Suspicious URL
199.203.x.x
    13 Attempted HTTP Attack
    14 Suspicious URL
199.111.x.x
    26 Attempted HTTP Attack
    26 Suspicious URL

16 Oct 2001

199.227.x.x
    13 Attempted HTTP Attack
    14 Suspicious URL

Has anyone else seen this?
Thank You,
John van Meter
Security Administrator
Nothing is fool-proof to a sufficiently talented fool
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
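
An added example, not part of the original post: Python code that parses the alert summary quoted in the message and groups sources whose per-alert counts are identical, which is the comparison the post makes by eye. The REPORT text is copied from the post; the function names and the assumed line layout (date line, source line, then "count alert-name" lines) are assumptions of this example.

```python
import re
from collections import defaultdict

# Summary copied from the post; addresses are masked there too.
REPORT = """\
13 Oct 2001
199.219.x.x
13 Attempted HTTP Attack
14 Suspicious URL
199.104.x.x
13 Attempted HTTP Attack
14 Suspicious URL
199.203.x.x
13 Attempted HTTP Attack
14 Suspicious URL
199.111.x.x
26 Attempted HTTP Attack
26 Suspicious URL
16 Oct 2001
199.227.x.x
13 Attempted HTTP Attack
14 Suspicious URL
"""

DATE_RE = re.compile(r"^\d{1,2} [A-Z][a-z]{2} \d{4}$")
SRC_RE = re.compile(r"^\d{1,3}(\.(\d{1,3}|x)){3}$")
COUNT_RE = re.compile(r"^(\d+) (.+)$")

def parse(report):
    """Return {(date, source): {alert_name: count}} from the summary text."""
    profiles, date, src = {}, None, None
    for line in filter(None, map(str.strip, report.splitlines())):
        if DATE_RE.match(line):          # a new day resets the current source
            date, src = line, None
        elif SRC_RE.match(line):         # masked or full dotted-quad source
            src = line
            profiles[(date, src)] = {}
        elif src and (m := COUNT_RE.match(line)):
            profiles[(date, src)][m.group(2)] = int(m.group(1))
    return profiles

def cluster(profiles):
    """Group sources with identical alert counts; record first octets per group."""
    groups = defaultdict(lambda: {"sources": [], "octets": set()})
    for (date, src), counts in profiles.items():
        g = groups[tuple(sorted(counts.items()))]   # the profile is the key
        g["sources"].append((date, src))
        g["octets"].add(src.split(".")[0])
    return dict(groups)
```

Calling `cluster(parse(REPORT))` yields one group per distinct alert profile, so sources sharing a profile across days appear together and an outlier stands alone.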