Re: Distributed MSADC/root.exe scans

From: zeno (bugtraq@cgisecurity.net)
Date: 02/25/02


From: zeno <bugtraq@cgisecurity.net>
To: chris@improbable.org (Chris Adams)
Date: Mon, 25 Feb 2002 08:38:27 -0500 (EST)


> I have trouble believing someone would go to the trouble of collecting
> compromised hosts and then waste them stealthily scanning for
> vulnerabilities which even inattentive admins are likely to have patched
> and will trigger any halfway decent IDS but a quick google didn't turn up
> anything much.
> Does anyone know what might be causing this?

People do collect infected hosts for use with DDoS nets or machines to bounce from.
I still get valid Code Red hits almost daily, which means a lot of people still haven't
patched. I would find it very probable someone is collecting infected/backdoored hosts
for use in a DDoS. It's very easy to upload a trojan and gain full access to these machines,
so I don't understand why people wouldn't be scanning.

- zeno@cgisecurity.com

>
> Chris
>
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>
