Re: [Whitehat] BIND scan from Wanadoo.fr

From: David Höhn (dh@uptime.at)
Date: 08/16/02

Previous message: H C: "RE: Standardized Reporting"
In reply to: Gary Baribault: "BIND scan from Wanadoo.fr"
Next in thread: WebMaster@rbfcu.org: "Re: BIND scan from Wanadoo.fr"
Next in thread: Baribault, Gary: "Re: BIND scan from Wanadoo.fr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 16 Aug 2002 18:21:43 +0200
From: David Höhn <dh@uptime.at>
To: Gary Baribault <gary@baribault.net>, <incidents@securityfocus.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Am 16.08.2002 2:23 Uhr schrieb "Gary Baribault" unter <gary@baribault.net>:

> I am used to seeing those idiots scanning for FTP and I have them all
> blocked in and out with out logged .. Recently I say a big jump in OUTPUT
> REJECTs and when I investigated I found 62.155/11 scanning for BIND .. I
> also recently noticed them scanning for HTTP. Anyone seen this as well?
>

I am not observing any bind scans from that subnet, but I am seeing a lot
of IIS script exploit attemtps and PHP content disposition exploit
attemtpos from wanadoo in their 80.8.5* range. Is that something you
mighthave noticed as well?
- -- "Hell, there are no rules here-- we're trying to accomplish something."
- -- Thomas Alva Edison

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (Darwin)

iD8DBQE9XSaVzaw9WRklNbkRA9RpAKCi3qtZo2ynMghKXpB6AczI05RvhwCeLnaD
z5JpmczP1+W4ZYkjXrYV5k8=
=rn3k
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Previous message: H C: "RE: Standardized Reporting"
In reply to: Gary Baribault: "BIND scan from Wanadoo.fr"
Next in thread: WebMaster@rbfcu.org: "Re: BIND scan from Wanadoo.fr"
Next in thread: Baribault, Gary: "Re: BIND scan from Wanadoo.fr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Scan for anonymous ftp...
... : If someone is scanning for anonymous Ftp:s is that ok? ... Most ftp sites have a policy. ... tags it with a "unerasable" direcory structure and ... This is not legal and is usually reported by the firewall admin ...
(comp.security.firewalls)
Re: LAN issue with FTP
... We are unable to install the scanning software on this ... >>It is my understanding that the scanning software uses ftp to communicate ... this pc will not install this software. ...
(microsoft.public.backoffice.smallbiz2000)
BIND scan from Wanadoo.fr
... I am used to seeing those idiots scanning for FTP and I have them all ... REJECTs and when I investigated I found 62.155/11 scanning for BIND .. ... For more information on this free incident handling, ...
(Incidents)
Re: address already in use
... Our networ scanner software was running an ftp ... server for scanning to FTP I just had to change the port ...
(microsoft.public.inetserver.iis.ftp)