Re: .ida Intrusion Attempt

From: Sebastian Ip (9sckiat_private)
Date: Thu Jul 19 2001 - 16:34:02 PDT

  • Next message: Ryan Russell: "Re: CodeRed"

    I have see like dozen attempts on myself already. I don't run windows and I 
    don't have httpd of any type running. So it's not restricted to web servers. 
    it's justa random porbe of any sites. I mean not everyone's got a www in 
    front of their host name.
    
    Another though. Seeing the number of hits I have been getting and i am 
    talking about a @home cable firewall and a work machine connected to DSL 
    without a proper DNS name. I think we could be in for a slow internet 
    tommorrow if all these machines don't get cleaned up and all of them start 
    DOSing whitehouse.gov from all over the world.
    
    Cheers
    
    Sebastian Ip
    
    On Thursday 19 July 2001 14:19, Tulchinskiy, Sasha wrote:
    > That is not correct (unfortunately).
    > We have servers attacked with URLs other than www.something...
    >
    > -----Original Message-----
    > From: Colby Rice [mailto:criceat_private]
    > Sent: Thursday, July 19, 2001 1:29 PM
    > Cc: incidentsat_private; focus-idsat_private
    > Subject: RE: .ida Intrusion Attempt
    >
    >
    > Has anyone else noticed that it is only hitting www. servers? or am I
    > just lucky? I am getting many many attempts but ONLY on my
    > www.<whatever> servers I DO have servers with port 80 open to the
    > outside world that ARE NOT getting hit. from everything I have read on
    > this worm it is picking its IP's at random and if that is the case then
    > I should have been hit on something OTHER then these (few) www.
    > servers..
    >
    > (or am I missing something?)
    >
    > 		CR
    >
    >
    > ---------------------------------------------------------------------------
    >-
    >
    >
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see:
    >
    > http://aris.securityfocus.com
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 20:17:09 PDT