RE: HTTP connections

From: Lindsay (lmf1tat_private)
Date: Sun Jul 22 2001 - 14:26:26 PDT


    Port 80 SYN packets arrived singly and in triples to my dial-up Linux
    box. I captured some in tcpdump format:
    
     http://www.cstone.net/~lmf1t/codered/0718at_private
     http://www.cstone.net/~lmf1t/codered/0719at_private
     http://www.cstone.net/~lmf1t/codered/0719at_private
    
    Lindsay
    
    Ryan Russell wrote:
    
    >On Fri, 20 Jul 2001, Dean Cunningham wrote:
    >
    >> Looks like code red, but not seeing the 3 hits per ip address, just one.
    >> May be due to the different FW logs, I use Firewall-1.
    >>
    >
    >I was getting three SYN packets per attempt.  For simple port-blocking
    >firewalls, they may log it as three entries.  Firewall-1 will treat it as
    >one "connection" attempt, and log it as a single item.
    >
    
    
    
    
    


