RE: CodeRed Observations.

From: Christine Kronberg (Christine_Kronberg@genua.de)
Date: 03/14/03

    Date: Fri, 14 Mar 2003 16:38:56 +0100 (CET)
    From: Christine Kronberg <Christine_Kronberg@genua.de>
    To: <incidents@securityfocus.com>
    
    

    On Thu, 13 Mar 2003, larosa, vjay wrote:
    >
    > Some of the systems respond to a ping, none respond to
    > any HTTP requests. It doesn't mean that they are not
    > firewalled from incoming traffic though.

      I checked the entries in my logs. The only one that
      responded was indeed an IIS. All other IPs gave me a
      "connection refused" or a simple timeout.

      With that being said about the non-three-way-handshake
      hits, I wonder if some of the addresses are spoofed;
      coming from a compiled list or something. Except for
      one hit all came from (different) 217.x.y.z addresses.
      Anyone else observed something similar?

      Have fun,

                                                    Chris.

    -- 
    GeNUA mbH
    
