Stock reply IAW policy? You be the judge. There is, of course, the possibility that she is right on the money. I can think of no better opportunity to do large scale decoyed port 80 sweeps than during a period like this.

------- Forwarded message follows -------
From: "Goudeau, Kristin M" <Kristin.Goudeauat_private>
To: "'George Bakos'" <gbakosat_private>
Subject: RE: logs
Date sent: Thu, 26 Jul 2001 14:20:30 -0700

We have looked into this and found that no packets from any Boeing proxy servers accessed the address space you sent me. As far as the code red worm that we have talked about, we run web proxy servers not IIS web servers, so our proxies are not vulnerable to this worm. We have seen no evidence of an infected machine behind the proxy servers sending packets back out through our proxy. It does not work that way. Our conclusion is that our address was spoofed.

If you see any more packets, scans or have additional security concerns for Boeing, please send them directly to me and I will address them.

Kris Goudeau :)
Incident Detection & Response
Enterprise Computing Security- Intrusion Response
kristin.m.goudeauat_private
Phone: 253-657-5691
Pager: 206-797-6112

------- End of forwarded message -------

~~~~~~~~~~~~~~~~~~~~~~~~~
gbakosat_private
1c1
< $ chown us:us yourbase -R
---
> # find / -name your\ base -exec chown us:us -R {} \;