Anyone interested in full tcpdump trace of a Code Red breakin ?

From: Arthur Donkers (arthurat_private)
Date: Thu Jul 19 2001 - 12:21:31 PDT


    Hi All,
    
    Only half an hour ago we caught some Code Red worms in our W2K honeypot.
    We are analysing the tcpdump trace of the actual break-in, but in the
    meantime, anyone interested in these traces (people not supporting full
    disclosure could close their eyes or speed read with the 'd' button ...) ?
    
    Arthur Donkers
    
    --
    /* Disclaimer :   you hire my skills, not my opinions, those are mine !    */
    /* email : arthurat_private    Security    'Me ? I'm not me ! I'm just a   */
    /* phone : (+31) 50 549 2701   is not a     computer simulation of me'     */
    /* URL http://www.reseau.nl   dirty word      Red Dwarf, First Episode     */
    
    
    


