RE: CodeRed Observations. ## Christine_Kronberg@genua.de

From: root (root@ns1.transurban.com.au)
Date: 03/18/03

  • Next message: ciso@hushmail.com: "Animal Rights Hacktivist Group?" 
    Date: Tue, 18 Mar 2003 15:12:16 +1100
From: root <root@ns1.transurban.com.au>
To: incidents@securityfocus.com, incidents@securityfocus.com

    Christine_Kronberg@genua.de
    Subject: RE: CodeRed Observations.
    In-Reply-To: <9A01501BF79D864D95402AF6FBEE33D902928C8A@srtheismann.eng.emc.com>
    Message-ID: <Pine.LNX.4.30.0303141634200.21106-100000@oglamar.genua.de>
    MIME-Version: 1.0
    Content-Type: text/plain; charset="us-ascii"

    On Thu, 13 Mar 2003, larosa, vjay wrote:
    >
    > Some of the systems respond to a ping, none respond to
    > any HTTP requests. It doesn't mean that they are not
    > firewalled from incoming traffic though.

      I checked the entries in my logs. The only one that
      responded was indeed an IIS. All other IP gave me a
      "connection refused" or a simple timeout.

      With that being said about the non-three-way-handshake
      hits, I wonder if some of the addresses are spoofed;
      coming from a compiled list or something. Except for
      one hit all came from (different) 217.x.y.z addresses.
      Anyone else observed something similar?

      Have fun,

                                                    Chris. 

    -- 
GeNUA mbH
----------------------------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
.
----------------------------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
  • Next message: ciso@hushmail.com: "Animal Rights Hacktivist Group?"

    Relevant Pages

    • RE: Weird Windows logon attempts
      ... 1000s of machines some get missed. ... Lose another weekend managing your IDS? ... Take back your personal time. ... 15-day free trial of StillSecure Border Guard. ...
      (Incidents)
    • RE: SPM2000$ Rouge Share
      ... If I go to the management console> shared folders> shares> Right-click and ... Lose another weekend managing your IDS? ... Take back your personal time. ... 15-day free trial of StillSecure Border Guard. ...
      (Incidents)
    • RE: CodeRed Observations. ##
      ... Thread-Topic: CodeRed Observations. ... Thread-Index: AcLqWuPHlTcxQEoxTAGjH0dy9wj9lQ= ... Take back your personal time. ... 15-day free trial of StillSecure Border Guard. ...
      (Incidents)
    • RE: [unisog] Re: Port 109 Mystery
      ... third-party GINAs don't normally replace MSGINA.DLL. ... Lose another weekend managing your IDS? ... Take back your personal time. ... 15-day free trial of StillSecure Border Guard. ...
      (Incidents)
    • Increase in Scans of Port 445?
      ... Lose another weekend managing your IDS? ... Take back your personal time. ... 15-day free trial of StillSecure Border Guard. ...
      (Incidents)