SecurityFocus Incidents
By Thread

186 messages sorted by: [ author ] [ date ] [ subject ] [ attachment ]

---

Starting: 02/02/03
Ending: 02/27/03

• Interesting http-equiv@excite.com (02/26/03)
• Weird apache logs Travis Read (02/26/03)
  • RE: Weird apache logs Carmen Tache (02/26/03)
  • RE: Weird apache logs NESTING, DAVID M (SBCSI) (02/26/03)
• Remote Access Software (Wireless Devices) Holstein, Michael (02/25/03)
• Incident Focus Area Article Announcement Dan Hanson (02/26/03)
• Web server crashed, now is trying to contact an IP by port 80 every morning. Dan Harpold (02/24/03)
  • Re: Web server crashed, now is trying to contact an IP by port 80 every morning. lsi (02/25/03)
  • RE: Web server crashed, now is trying to contact an IP by port 80 every morning. Dan Harpold (02/25/03)
  • RE: Web server crashed, now is trying to contact an IP by port 80 every morning. Levinson, Karl (02/25/03)
• Weird Windows logon attempts Harry Hoffman (02/24/03)
  • Re: Weird Windows logon attempts Jacco Tunnissen (02/24/03)
  • Re: Weird Windows logon attempts Bojan Zdrnja (02/24/03)
  • RE: Weird Windows logon attempts Terence Runge (02/24/03)
  • Re: Weird Windows logon attempts H C (02/24/03)
    • Re: Weird Windows logon attempts Russell Fulton (02/26/03)
      • RE: Weird Windows logon attempts Mary McAllister (02/26/03)
• Possible new backdoor: mspx-smss.exe ? Sven Pechler (02/21/03)
  • Re: Possible new backdoor: mspx-smss.exe ? Sven Pechler (02/26/03)
• ICQ problem. Thiago Madeira de Lima (02/21/03)
  • Re: ICQ problem. bob (02/22/03)
  • Re: ICQ problem. Rafael Coninck Teigao (02/24/03)
• Questions: LKM, yoyo & rootkits Gordon Ewasiuk (02/21/03)
• FTimes 3.2.0 Released Klayton Monroe (02/21/03)
• WebJob 1.2.3 Released Klayton Monroe (02/21/03)
• Possible stateful filtering problem? Security (02/21/03)
• Scans on TCP port 135 Kevin Patz (02/20/03)
  • Re: Scans on TCP port 135 Dave Aitel (02/21/03)
• Weird Profile in Documents and Settings Greg Wiedeman (02/20/03)
  • RE: Weird Profile in Documents and Settings Rob Shein (02/20/03)
    • Re[2]: Weird Profile in Documents and Settings Jyri Hovila (02/21/03)
  • RE: Weird Profile in Documents and Settings Lucas Zaichkowsky (02/21/03)
    • Re: Weird Profile in Documents and Settings Patrick R. Sweeney (02/22/03)
      • RE: Weird Profile in Documents and Settings Austin Ehlers (02/22/03)
      • RE: Weird Profile in Documents and Settings Christopher Hummert (02/22/03)
  • Re: Weird Profile in Documents and Settings Anders Thulin (02/21/03)
  • Re: Weird Profile in Documents and Settings Gene Yoo (02/21/03)
• Dead thread -- Distributed spam-based DoS in progress Dan Hanson (02/20/03)
• port 17300 probe fingerprint analysis Royans Tharakan (02/18/03)
  • Re: port 17300 probe fingerprint analysis John Sage (02/18/03)
  • Re: port 17300 probe fingerprint analysis william.miller@gsa.gov (02/19/03)
• Distributed spam-based DoS in progress Transistor Sister (02/18/03)
  • Re: Distributed spam-based DoS in progress Hugo van der Kooij (02/18/03)
    • Re: Distributed spam-based DoS in progress Valdis.Kletnieks@vt.edu (02/18/03)
  • RE: Distributed spam-based DoS in progress Dave Hart (02/18/03)
    • RE: Distributed spam-based DoS in progress Hugo van der Kooij (02/19/03)
  • Re: Distributed spam-based DoS in progress Kee Hinckley (02/19/03)
    • Re: Distributed spam-based DoS in progress Transistor Sister (02/19/03)
      • Re: Distributed spam-based DoS in progress Rohan Amin (02/20/03)
    • RE: Distributed spam-based DoS in progress Steve Drees (02/19/03)
  • RE: Distributed spam-based DoS in progress Dave Hart (02/19/03)
• www.nopop.net Pascal Bouchareine (02/17/03)
  • RE: www.nopop.net Brad Griffin (02/17/03)
  • Re: www.nopop.net Jon Rublack (02/18/03)
• Re: ano@ano.com ftpd dip.t-dialin.net Scott Harris (02/16/03)
• Kuang2 strikes again, is it just me? Jeff Kell (02/16/03)
  • RE: Kuang2 strikes again, is it just me? Rob Shein (02/16/03)
    • Re: Kuang2 strikes again, is it just me? Paul Dokas (02/17/03)
  • Re: Kuang2 strikes again, is it just me? Johannes Ullrich (02/16/03)
  • Re: Kuang2 strikes again, is it just me? Jasmine (02/16/03)
  • Re: Kuang2 strikes again, is it just me? Jeff (02/16/03)
    • RE: Kuang2 strikes again, is it just me? Trevor Metzger (02/17/03)
      • RE: Kuang2 strikes again, is it just me? Tim Heagarty (02/17/03)
    • mIRC Trojan Variant - port 445 worm/Trojan kyle@kylelai.com (02/16/03)
  • Re: Kuang2 strikes again, is it just me? Kevin Patz (02/18/03)
• Incidents list administrivia and introductions... Dan Hanson (02/16/03)
• ICMP Destination Unreachable, Administratively Prohibited Neil Dickey (02/13/03)
  • Re: ICMP Destination Unreachable, Administratively Prohibited Chris Brenton (02/14/03)
    • Re: ICMP Destination Unreachable, Administratively Prohibited Anthony Kim (02/14/03)
    • Re: ICMP Destination Unreachable, Administratively Prohibited Valdis.Kletnieks@vt.edu (02/14/03)
  • Re: ICMP Destination Unreachable, Administratively Prohibited Russell Fulton (02/14/03)
  • Re: ICMP Destination Unreachable, Administratively Prohibited Anders Thulin (02/14/03)
• Summary of the responses (4 line ad) Alfred Huger (02/13/03)
• UDP traffic on Port 52798 Kenneth Wilson (02/13/03)
  • Re: UDP traffic on Port 52798 H C (02/13/03)
• S4T4N1C Web Defacement Christopher Lyon (02/13/03)
  • Re: S4T4N1C Web Defacement Michel Angelo da Silva Pereira (02/13/03)
  • Re: S4T4N1C Web Defacement HggdH (02/13/03)
    • Re: S4T4N1C Web Defacement Michel Angelo da Silva Pereira (02/13/03)
      • Re: Web Defacement Ricardo Castanho de Oliveira Freitas (02/14/03)
      • Re: Web Defacement Alberto Cozer (02/17/03)
      • Re: S4T4N1C Web Defacement security@imperialdesigns.com (02/14/03)
  • RE: S4T4N1C Web Defacement Dan Perez (02/13/03)
• webserver probes for php detection Alexander Reelsen (02/13/03)
• ftp server compromised rbelchez@show-net.net (02/13/03)
  • RE: ftp server compromised Mark E. Donaldson (02/13/03)
    • RE: ftp server compromised Denis Dimick (02/13/03)
  • Re: ftp server compromised Tibor Biro (02/13/03)
  • Re: ftp server compromised David Hodges (02/13/03)
  • Re: ftp server compromised psion (02/13/03)
• The 4 line ad at the bottom of this post.. Alfred Huger (02/13/03)
• Traffic on UDP 1815 Sahr, Kenneth (02/11/03)
  • RE: Traffic on UDP 1815 Sahr, Kenneth (02/12/03)
  • RE: Traffic on UDP 1815 Mark E. Donaldson (02/12/03)
• logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit... Chuck Swiger (02/11/03)
  • Re: logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit... Richard Rager (02/11/03)
    • Re: logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit... jet (02/12/03)
  • Re: logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit... root@darks (02/12/03)
    • Re: logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit... Chuck Swiger (02/12/03)
• Identity theft scam against eBay users Patrick Bryant (02/10/03)
  • Re: Identity theft scam against eBay users Jordan K Wiens (02/11/03)
    • Re: Identity theft scam against eBay users Patrick Bryant (02/11/03)
      • Re: Identity theft scam against eBay users Nick FitzGerald (02/11/03)
  • Re: Identity theft scam against eBay users Matthew Breitenstine (02/11/03)
  • Re: Identity theft scam against eBay users Thomas Giudice (02/11/03)
  • Re: Identity theft scam against eBay users Patrick Bryant (02/11/03)
• Correction: www.ethereal.com not www.ethereal.org RE: Suspicious file on Desktop Eric Greenberg (02/10/03)
• Suspicious file on Desktop Patrick Fish (02/10/03)
  • RE: Suspicious file on Desktop Eric Greenberg (02/10/03)
  • RE: Suspicious file on Desktop Michael LaSalvia (02/10/03)
  • Re: Suspicious file on Desktop PAUL_TAYLOR@qvc.com (02/10/03)
  • RE: Suspicious file on Desktop Brenna Primrose (02/10/03)
• Increased Kuang2 activity Jason Dixon (02/10/03)
  • RE: Increased Kuang2 activity Logan F.D. Greenlee (02/10/03)
    • RE: Increased Kuang2 activity Jason Dixon (02/10/03)
    • RE: Increased Kuang2 activity Rev. Kronovohr (02/10/03)
  • Re: Increased Kuang2 activity Johannes Ullrich (02/10/03)
  • RE: Increased Kuang2 activity Jennifer Fountain (02/10/03)
  • RE: Increased Kuang2 activity davec@skooter.net (02/10/03)
  • RE: Increased Kuang2 activity Logan F.D. Greenlee (02/10/03)
    • RE: Increased Kuang2 activity James C Slora Jr (02/10/03)
      • Re: Increased Kuang2 activity Kurt Seifried (02/11/03)
  • RE: Increased Kuang2 activity Baklarz, Ron (02/10/03)
  • RE: Increased Kuang2 activity James C Slora Jr (02/10/03)
  • RE: Increased Kuang2 activity Thierry Zoller (02/11/03)
• Kuang2 on the rise... Jeff Kell (02/09/03)
• Re: FW: Packets from 255.255.255.255(80) (was: Packet from port 80 wi th spoofed microsoft.com ip) Alif The Terrible (02/06/03)
• ALEVRIUS! Geert Kiers (02/06/03)
  • RE: ALEVRIUS! Rob Shein (02/07/03)
  • RE: ALEVRIUS! James C Slora Jr (02/07/03)
  • RE: ALEVRIUS! Anders Reed Mohn (02/07/03)
  • RE: ALEVRIUS! Salisko, Rick (02/07/03)
  • RE: ALEVRIUS! NetSec Analyst (02/08/03)
  • RE: ALEVRIUS! Anders Reed Mohn (02/11/03)
• Netbios Name Scans/opaserv worm rocky_scotti@na.dole.com (02/06/03)
  • Re: Netbios Name Scans/opaserv worm H C (02/06/03)
• email address probes Andy Bastien (02/05/03)
  • Re: email address probes Kee Hinckley (02/06/03)
  • Re: email address probes Brad Arlt (02/05/03)
    • Re: email address probes james (02/06/03)
    • Re: email address probes Brad Arlt (02/07/03)
  • Re: email address probes Greg A. Woods (02/06/03)
    • Re: email address probes Axel Beckert - ecos gmbh (02/06/03)
      • RE: email address probes Rob Shein (02/07/03)
  • RE: email address probes Johann Kruse (02/06/03)
  • Re: email address probes Dave Laird (02/06/03)
  • Re: email address probes Ned Fleming (02/06/03)
    • Re: email address probes Andy Bastien (02/07/03)
• FTP/Port 1038 Hoof Hearted (02/04/03)
  • RE: FTP/Port 1038 Boyan Krosnov (02/04/03)
    • RE: FTP/Port 1038 perrieror@ssginfo.montclair.edu (02/13/03)
• RE: Packets from 255.255.255.255(80) (was: Packet from port 80 wi th spoofed microsoft.com ip) Tom Arseneault (02/03/03)
  • RE: Packets from 255.255.255.255(80) (was: Packet from port 80 wi th spoofed microsoft.com ip) Fitzgerald, John (02/05/03)
  • RE: Packets from 255.255.255.255(80) (was: Packet from port 80 wi th spoofed microsoft.com ip) Fitzgerald, John (02/05/03)
• DoS Attacks, Detecting the Source, and Service Providers Hamid (02/03/03)
  • Re: DoS Attacks, Detecting the Source, and Service Providers james (02/04/03)
  • RE: DoS Attacks, Detecting the Source, and Service Providers Rob Shein (02/04/03)
  • Re: DoS Attacks, Detecting the Source, and Service Providers H C (02/04/03)
• Speedera Ping, was "Packets from 255.255.255.255(80), etc." Neil Dickey (02/03/03)
  • Re: Speedera Ping, was "Packets from 255.255.255.255(80), etc." Joe Stewart (02/04/03)
• More /sumthin, maybe Sverre H. Huseby (02/03/03)
  • Re: More /sumthin Philipp Hug (02/26/03)
    • RE: More /sumthin Jonathan A. Zdziarski (02/26/03)
      • Re: More /sumthin D.C. van Moolenbroek (02/27/03)
• Re: Packets from 255.255.255.255(80) Guy Reisenauer (02/02/03)
• Re: klez variant?? Nick FitzGerald (02/01/03)
• Re: /sumthin Revisited H D Moore (02/01/03)
• ZOMBIES_HTTP_GET Kee Hinckley (02/01/03)
• The Spread of the Sapphire/Slammer Worm Nicholas Weaver (02/01/03)
• RE: klez variant?? James C Slora Jr (01/31/03)
• Re: Packet from port 80 with spoofed microsoft.com ip Pat Wilson (01/31/03)
  • Re: Packet from port 80 with spoofed microsoft.com ip Hulio Cortez (01/31/03)
  • Re: Packet from port 80 with spoofed microsoft.com ip zmajd fully (02/04/03)
• Fwd: Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Dave Laird (01/31/03)
• Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Steven Dietz (01/31/03)
  • Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Tomasz Papszun (01/31/03)
    • Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Hugo van der Kooij (02/02/03)
      • Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Frederic Harster (02/03/03)
      • RE: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) James Kelly (02/04/03)
      • Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Christian Vogel (02/04/03)
      • Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Meritt James (02/05/03)
  • Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Geert Kiers (02/02/03)
• RE: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Joel Tyson (01/31/03)
  • RE: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) David Gillett (01/31/03)
  • RE: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Joel Tyson (02/03/03)
    • Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Valdis.Kletnieks@vt.edu (02/03/03)

Last message date: 02/27/03
Archived on: 02/27/03 CET

---

186 messages sorted by: [ author ] [ date ] [ subject ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > incidents  > 2003-02