Re: BIND scan from Wanadoo.fr

From: WebMaster@rbfcu.org
Date: 08/16/02 

To: Gary Baribault <gary@baribault.net>
From: WebMaster@rbfcu.org
Date: Fri, 16 Aug 2002 10:42:09 -0500

I think the better question is, "has anyone ever seen the scans STOP".

wanadoo.fr is notorious for allowing this kind of garbage...

Thanks,
Michael Sorbera
Webmaster
Randolph-Brooks Federal Credit Union

"Never approach a problem with preconceived notions...having a theory is
something different, but having a preconceived notion means that you're not
necessarily going to look for data...you're going to look for data that
supports your assumption."

                                                                                                
                    Gary Baribault
                    <gary@baribaul To: incidents@securityfocus.com
                    t.net> cc:
                                         Subject: BIND scan from Wanadoo.fr
                    08/15/2002
                    07:23 PM
                                                                                                
                                                                                                

I am used to seeing those idiots scanning for FTP and I have them all
blocked in and out with out logged .. Recently I say a big jump in OUTPUT
REJECTs and when I investigated I found 62.155/11 scanning for BIND .. I
also recently noticed them scanning for HTTP. Anyone seen this as well?

Gary Baribault
gary@baribault.net

----------------------------------------------------------------------------

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Relevant Pages

  • RE: Malicious web sites
    ... > This list is provided by the SecurityFocus ARIS analyzer service. ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • Re: [incident] IIS defacement through FTP, possible DoS
    ... > This list is provided by the SecurityFocus ARIS analyzer service. ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • RE: Distributed ICMP/UDP scan or attack?
    ... This list is provided by the SecurityFocus ARIS analyzer service. ... and tracking system please see: http://aris.securityfocus.com ... For more information on this free incident handling, management ...
    (Incidents)
  • Re: strange attacks - flood udp packets from 1030 to msql
    ... > This list is provided by the SecurityFocus ARIS analyzer service. ... For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • RE: Can anyone identify this backdoor?
    ... > and tracking system please see: http://aris.securityfocus.com ... This list is provided by the SecurityFocus ARIS analyzer service. ... For more information on this free incident handling, management ...
    (Incidents)