RE: .ida Intrusion Attempt

From: Tim Winders (twindersat_private)
Date: Thu Jul 19 2001 - 16:43:57 PDT

    I am seeing port 80 scans on "all" my hosts.  BlackICE is going nuts
    everywhere, my Apache machines are gleefully logging the default.ida
    requests and I am considering blocking port 80 for all but my public www
    servers.  I probably should do this anyway, but this is getting
    ridiculous!
    
         **********************************************
            Tim Winders, MCSE, CNE, CCNA
            Associate Dean of Information Technology
            South Plains College
            Levelland, TX  79336
    
            Phone:	806-894-9611 x 2369
            FAX:	806-894-1549
            Email:	TWindersat_private
         **********************************************
    
    
    On Thu, 19 Jul 2001, Colby Rice wrote:
    
    > Has anyone else noticed that it is only hitting www. servers? Or am I
    > just lucky? I am getting many many attempts but ONLY on my
    > www.<whatever> servers. I DO have servers with port 80 open to the
    > outside world that ARE NOT getting hit. From everything I have read on
    > this worm it is picking its IPs at random and if that is the case then
    > I should have been hit on something OTHER than these (few) www.
    > servers..
    >
    > (or am I missing something?)
    >
    > 		CR
    >
    >
    > ----------------------------------------------------------------------------
    >
    >
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see:
    >
    > http://aris.securityfocus.com
    >



    This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 20:04:48 PDT