RE: What's going on here?
From: Yonatan Bokovza (Yonatan@xpert.com)Date: 08/26/02
- Previous message: NESTING, DAVID M (SBCSI): "RE: What's going on here?"
- Maybe in reply to: Jackie: "What's going on here?"
- Next in thread: Russell Fulton: "RE: What's going on here?"
- Next in thread: wykkyd@ziplip.com: "Re: What's going on here?"
- Reply: Russell Fulton: "RE: What's going on here?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Yonatan Bokovza <Yonatan@xpert.com> To: 'Jackie' <JackieJ@Syllables.com>, "'incidents@securityfocus.com'" <incidents@securityfocus.com> Date: Mon, 26 Aug 2002 18:54:06 +0300
> -----Original Message-----
> From: Jackie [mailto:JackieJ@Syllables.com]
> Sent: Saturday, August 24, 2002 02:57
> To: incidents@securityfocus.com
> Subject: What's going on here?
>
>
> ZoneAlarm reported this burst, all from port 80 on a reserved IP
> block. What the honk's going on?
>
>
> FWIN,2002/08/23,18:47:42 -4:00
> GMT,10.60.1.102:80,xxx.xx.96.7:9176,TCP (flags:S)
> FWIN,2002/08/23,18:47:42 -4:00
> GMT,10.10.2.105:80,xxx.xx.96.7:13682,TCP (flags:S)
Someone is scanning a victim that's in reserved address-space,
giving your address as decoy.
see:
http://www.rootshell.be/~helevius/nid_3pe_v101.pdf
Regards,
Yonatan.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: NESTING, DAVID M (SBCSI): "RE: What's going on here?"
- Maybe in reply to: Jackie: "What's going on here?"
- Next in thread: Russell Fulton: "RE: What's going on here?"
- Next in thread: wykkyd@ziplip.com: "Re: What's going on here?"
- Reply: Russell Fulton: "RE: What's going on here?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
