Has anyone seen this pattern?

From: VanMeter, John (John.VanMeter@ost.dot.gov)
Date: 10/19/01


Message-ID: <23C309FEA282A943AE132127AABBC1E7232B68@ostex001.ad.ost.dot.gov>
From: "VanMeter, John" <John.VanMeter@ost.dot.gov>
To: "Incidents (E-mail)" <INCIDENTS@SECURITYFOCUS.COM>, "SECURITY-BASICS (E-mail)" <SECURITY-BASICS@SECURITYFOCUS.COM>
Subject: Has anyone seen this pattern?
Date: Fri, 19 Oct 2001 09:13:34 -0400

Interesting Pattern... if you look at the below information you can see two
things.
        1. All IP address start in the 199.x.x.x
        2. the attacks use the same 13 attempted HTTP Attacks and 14
Suspicious URL
The only different one was 199.111.x.x which used 26 HTTP Attacks and 26
Suspicious URL.

13 Oct 2001

199.219.x.x
                        13 Attempted HTTP Attack
        14 Suspicious URL

199.104.x.x
                                13 Attempted HTTP Attack
        14 Suspicious URL

199.203.x.x
        13 Attempted HTTP Attack
        14 Suspicious URL

199.111.x.x
                26 Attempted HTTP Attack
        26 Suspicious URL

16 Oct 2001

199.227.x.x
        13 Attempted HTTP Attack
        14 Suspicious URL

Has anyone else seen this?
Thank You,
John van Meter
Security Administrator

Nothing is fool-proof to a sufficiently talented fool

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • Re: Has anyone seen this pattern?
    ... Has anyone seen this pattern? ... On Fri, 19 Oct 2001, VanMeter, John wrote: ... > Suspicious URL ...
    (Incidents)
  • RE: Has anyone seen this pattern?
    ... or POST attempts or webserver log entries? ... Has anyone seen this pattern? ... > Suspicious URL ... > This list is provided by the SecurityFocus ARIS analyzer service. ...
    (Security-Basics)
  • Re: Has anyone seen this pattern?
    ... Has anyone seen this pattern? ... On Fri, 19 Oct 2001, VanMeter, John wrote: ... > Suspicious URL ...
    (Security-Basics)
  • Re: Pattern for create a webservice with Api Key?
    ... I doubt that there's any single pattern yet. ... An API key is a relatively new concept, at least in the sense used by things like Google Maps. ... Before the Internet, there were certainly software libraries one could purchase that would need to be initialized using a license key before they could be used; however, this was all on a single machine, and even within the address space of a single process, so there was little "management" necessary. ... You'll probably need to specify what sort of "management" functions you have in mind. ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: Finally which ORM tool?
    ... O/R mappers is the cause of many of these problems, ... why we didn't use this pattern in LLBLGen Pro. ... Maybe I'm not understanding what you mean by identity management but I use Guid fields for all my Object Ids so I don't have any "management" issues. ...
    (microsoft.public.dotnet.languages.csharp)