BIND scan from Wanadoo.fr

From: Gary Baribault (gary@baribault.net)
Date: 08/16/02

Previous message: Brooke, O'neil (EXP): "RE: Standardized Reporting"
Next in thread: David Höhn: "Re: [Whitehat] BIND scan from Wanadoo.fr"
Reply: David Höhn: "Re: [Whitehat] BIND scan from Wanadoo.fr"
Reply: Baribault, Gary: "Re: BIND scan from Wanadoo.fr"
Reply: WebMaster@rbfcu.org: "Re: BIND scan from Wanadoo.fr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 15 Aug 2002 20:23:30 -0400
To: incidents@securityfocus.com
From: Gary Baribault <gary@baribault.net>

I am used to seeing those idiots scanning for FTP and I have them all
blocked in and out with out logged .. Recently I say a big jump in OUTPUT
REJECTs and when I investigated I found 62.155/11 scanning for BIND .. I
also recently noticed them scanning for HTTP. Anyone seen this as well?

Gary Baribault
gary@baribault.net

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Previous message: Brooke, O'neil (EXP): "RE: Standardized Reporting"
Next in thread: David Höhn: "Re: [Whitehat] BIND scan from Wanadoo.fr"
Reply: David Höhn: "Re: [Whitehat] BIND scan from Wanadoo.fr"
Reply: Baribault, Gary: "Re: BIND scan from Wanadoo.fr"
Reply: WebMaster@rbfcu.org: "Re: BIND scan from Wanadoo.fr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Scan for anonymous ftp...
... : If someone is scanning for anonymous Ftp:s is that ok? ... Most ftp sites have a policy. ... tags it with a "unerasable" direcory structure and ... This is not legal and is usually reported by the firewall admin ...
(comp.security.firewalls)
Re: LAN issue with FTP
... We are unable to install the scanning software on this ... >>It is my understanding that the scanning software uses ftp to communicate ... this pc will not install this software. ...
(microsoft.public.backoffice.smallbiz2000)
Re: [Whitehat] BIND scan from Wanadoo.fr
... > I am used to seeing those idiots scanning for FTP and I have them all ... > REJECTs and when I investigated I found 62.155/11 scanning for BIND .. ... I am not observing any bind scans from that subnet, but I am seeing a lot ... of IIS script exploit attemtps and PHP content disposition exploit ...
(Incidents)
Re: address already in use
... Our networ scanner software was running an ftp ... server for scanning to FTP I just had to change the port ...
(microsoft.public.inetserver.iis.ftp)
Re: BIND scan from Wanadoo.fr
... >REJECTs and when I investigated I found 62.155/11 scanning for BIND .. ... >For more information on this free incident handling, management ... >and tracking system please see: http://aris.securityfocus.com ...
(Incidents)