Re: .ida Intrusion Attempt

From: Sebastian Ip (9sckiat_private)
Date: Thu Jul 19 2001 - 16:34:02 PDT

Next message: Ryan Russell: "Re: CodeRed"

Previous message: Russell Fulton: "Re: .ida Intrusion Attempt"
In reply to: Tulchinskiy, Sasha: "RE: .ida Intrusion Attempt"
Next in thread: Kheos ml: "Re: .ida Intrusion Attempt"
Next in thread: Yom, Francis: "RE: .ida Intrusion Attempt"
Reply: Kheos ml: "Re: .ida Intrusion Attempt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have see like dozen attempts on myself already. I don't run windows and I 
don't have httpd of any type running. So it's not restricted to web servers. 
it's justa random porbe of any sites. I mean not everyone's got a www in 
front of their host name.

Another though. Seeing the number of hits I have been getting and i am 
talking about a @home cable firewall and a work machine connected to DSL 
without a proper DNS name. I think we could be in for a slow internet 
tommorrow if all these machines don't get cleaned up and all of them start 
DOSing whitehouse.gov from all over the world.

Cheers

Sebastian Ip

On Thursday 19 July 2001 14:19, Tulchinskiy, Sasha wrote:
> That is not correct (unfortunately).
> We have servers attacked with URLs other than www.something...
>
> -----Original Message-----
> From: Colby Rice [mailto:criceat_private]
> Sent: Thursday, July 19, 2001 1:29 PM
> Cc: incidentsat_private; focus-idsat_private
> Subject: RE: .ida Intrusion Attempt
>
>
> Has anyone else noticed that it is only hitting www. servers? or am I
> just lucky? I am getting many many attempts but ONLY on my
> www.<whatever> servers I DO have servers with port 80 open to the
> outside world that ARE NOT getting hit. from everything I have read on
> this worm it is picking its IP's at random and if that is the case then
> I should have been hit on something OTHER then these (few) www.
> servers..
>
> (or am I missing something?)
>
> 		CR
>
>
> ---------------------------------------------------------------------------
>-
>
>
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see:
>
> http://aris.securityfocus.com

----------------------------------------------------------------------------

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

Next message: Ryan Russell: "Re: CodeRed"
Previous message: Russell Fulton: "Re: .ida Intrusion Attempt"
In reply to: Tulchinskiy, Sasha: "RE: .ida Intrusion Attempt"
Next in thread: Kheos ml: "Re: .ida Intrusion Attempt"
Next in thread: Yom, Francis: "RE: .ida Intrusion Attempt"
Reply: Kheos ml: "Re: .ida Intrusion Attempt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 20:17:09 PDT