Re: [Whitehat] BIND scan from Wanadoo.fr

From: David Höhn (dh@uptime.at)
Date: 08/16/02


Date: Fri, 16 Aug 2002 18:21:43 +0200
From: David Höhn <dh@uptime.at>
To: Gary Baribault <gary@baribault.net>, <incidents@securityfocus.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Am 16.08.2002 2:23 Uhr schrieb "Gary Baribault" unter <gary@baribault.net>:

> I am used to seeing those idiots scanning for FTP and I have them all
> blocked in and out with out logged .. Recently I say a big jump in OUTPUT
> REJECTs and when I investigated I found 62.155/11 scanning for BIND .. I
> also recently noticed them scanning for HTTP. Anyone seen this as well?
>

I am not observing any bind scans from that subnet, but I am seeing a lot
of IIS script exploit attemtps and PHP content disposition exploit
attemtpos from wanadoo in their 80.8.5* range. Is that something you
mighthave noticed as well?
- -- "Hell, there are no rules here-- we're trying to accomplish something."
- -- Thomas Alva Edison

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (Darwin)

iD8DBQE9XSaVzaw9WRklNbkRA9RpAKCi3qtZo2ynMghKXpB6AczI05RvhwCeLnaD
z5JpmczP1+W4ZYkjXrYV5k8=
=rn3k
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • Re: Scan for anonymous ftp...
    ... : If someone is scanning for anonymous Ftp:s is that ok? ... Most ftp sites have a policy. ... tags it with a "unerasable" direcory structure and ... This is not legal and is usually reported by the firewall admin ...
    (comp.security.firewalls)
  • Re: LAN issue with FTP
    ... We are unable to install the scanning software on this ... >>It is my understanding that the scanning software uses ftp to communicate ... this pc will not install this software. ...
    (microsoft.public.backoffice.smallbiz2000)
  • BIND scan from Wanadoo.fr
    ... I am used to seeing those idiots scanning for FTP and I have them all ... REJECTs and when I investigated I found 62.155/11 scanning for BIND .. ... For more information on this free incident handling, ...
    (Incidents)
  • Re: address already in use
    ... Our networ scanner software was running an ftp ... server for scanning to FTP I just had to change the port ...
    (microsoft.public.inetserver.iis.ftp)