Re: BIND scan from Wanadoo.fr
From: Baribault, Gary (gary@baribault.net)
Date: 08/16/02
Date: Fri, 16 Aug 2002 12:31:59 -0400
To: WebMaster@rbfcu.org
From: "Baribault, Gary" <gary@baribault.net>
I have seen them scan for misconfigured FTP servers all the time .. and I
block that on all of my firewalls, I think we all know when they add a new
subnet, we get scanned and add it to our list of Wanadoo .. but what I'm
saying is that this is the first time I see them originate high port and
scan the destination port 53 .. that is what is new.
Gary B
At 10:42 AM 8/16/2002 -0500, WebMaster@rbfcu.org wrote:
>I think the better question is, "has anyone ever seen the scans STOP".
>
>wanadoo.fr is notorious for allowing this kind of garbage...
>
>Thanks,
>Michael Sorbera
>Webmaster
>Randolph-Brooks Federal Credit Union
>
>"Never approach a problem with preconceived notions...having a theory is
>something different, but having a preconceived notion means that you're not
>necessarily going to look for data...you're going to look for data that
>supports your assumption."
>
>
>Gary Baribault <gary@baribault.net>
>To: incidents@securityfocus.com
>cc:
>Subject: BIND scan from Wanadoo.fr
>08/15/2002 07:23 PM
>
>I am used to seeing those idiots scanning for FTP and I have them all
>blocked in and out with out logged .. Recently I saw a big jump in OUTPUT
>REJECTs and when I investigated I found 62.155/11 scanning for BIND .. I
>also recently noticed them scanning for HTTP. Anyone seen this as well?
>
>Gary Baribault
>gary@baribault.net
>
>
>----------------------------------------------------------------------------
>
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com
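
The pattern discussed in this thread (a blocked range probing destination port 53 from high source ports) can be pulled out of firewall logs with a short script. This is an added example, not part of the original posts; it assumes Linux netfilter LOG-style lines, trimmed to the fields used, and the sample log, the function names and the three-host threshold are all constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample lines in netfilter LOG style (an assumption; the posts do
# not show their logs). 192.0.2.0/24 and 198.51.100.0/24 are documentation nets.
SAMPLE_LOG = """\
Aug 15 19:01:02 fw kernel: IN=eth0 OUT= SRC=62.155.10.20 DST=192.0.2.10 PROTO=TCP SPT=3411 DPT=53
Aug 15 19:01:02 fw kernel: IN=eth0 OUT= SRC=62.155.10.20 DST=192.0.2.11 PROTO=TCP SPT=3412 DPT=53
Aug 15 19:01:03 fw kernel: IN=eth0 OUT= SRC=62.155.10.20 DST=192.0.2.12 PROTO=TCP SPT=3413 DPT=53
Aug 15 19:01:04 fw kernel: IN=eth0 OUT= SRC=62.155.10.20 DST=192.0.2.10 PROTO=TCP SPT=3414 DPT=21
Aug 15 19:02:10 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=40211 DPT=53
Aug 15 19:02:11 fw kernel: IN=eth0 OUT= SRC=62.155.99.1 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=53
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")

def parse(line):
    """Return the key=value fields of one LOG line, or None if incomplete."""
    fields = dict(FIELD.findall(line))
    return fields if {"SRC", "DST", "SPT", "DPT"} <= fields.keys() else None

def port53_sweeps(log_text, watch_net, min_targets=3):
    """Sources inside watch_net that hit port 53 on at least min_targets
    distinct hosts from an unprivileged (>1023) source port."""
    # strict=False masks host bits, so the thread's "62.155/11" notation works.
    net = ip_network(watch_net, strict=False)
    targets = defaultdict(set)
    for line in log_text.splitlines():
        f = parse(line)
        if f is None:
            continue
        if (ip_address(f["SRC"]) in net and int(f["DPT"]) == 53
                and int(f["SPT"]) > 1023):
            targets[f["SRC"]].add(f["DST"])
    # One host queried on port 53 looks like ordinary DNS; many hosts is a sweep.
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}

if __name__ == "__main__":
    for src, dsts in port53_sweeps(SAMPLE_LOG, "62.155.0.0/11").items():
        print(f"{src} probed port 53 on {len(dsts)} hosts: {', '.join(dsts)}")
```

Counting distinct destinations matters because an ordinary DNS query also arrives from a high source port, so a single hit on port 53 is not evidence of scanning by itself.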