(Fwd) RE: logs

From: George Bakos (gbakosat_private)
Date: Thu Jul 26 2001 - 08:34:15 PDT

  • Next message: Kelvin: "Re: Network attack from S1 Corporation"

    Stock reply IAW policy?  You be the judge.
    There is, of course the possibility that she is right on the money.  I 
    can think of no better opportunity to do large scale decoyed port 80 
    sweeps than during a period like this.
    
    ------- Forwarded message follows -------
    From:           	"Goudeau, Kristin M" <Kristin.Goudeauat_private>
    To:             	"'George Bakos'" <gbakosat_private>
    Subject:        	RE: logs
    Date sent:      	Thu, 26 Jul 2001 14:20:30 -0700
    
    We have looked into this and found that no packets from any 
    Boeing proxy servers accessed the address space you sent me. As 
    far as the code red worm that we have talk about, we run web 
    proxy servers not IIS web servers, so our proxies are not 
    vulnerable to this worm.  We have seen no evidence of an infected 
    machine behind the proxy servers sending packets back out 
    through our proxy. It does not work that way. Our conclusion is that 
    our addresss was spoofed.  
    
    If you see any more packets, scans or have additional security 
    concerns for Boeing, please send them directly to me and I will 
    address them.  
    
    Kris Goudeau :)                             
    Incident Detection & Response
    Enterprise Computing Security- Intrusion Response
    kristin.m.goudeauat_private
    Phone: 253-657-5691  Pager: 206-797-6112
    
    ------- End of forwarded message -------
    ~~~~~~~~~~~~~~~~~~~~~~~~~
    gbakosat_private
    
    1c1
    < $ chown us:us yourbase -R
    ---
    > # find / -name your\ base -exec chown us:us -R {} \;
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Sun Jul 29 2001 - 09:17:12 PDT