RE: CRv2 multiple scans from same source IP

From: robhat_private
Date: Sun Aug 05 2001 - 21:00:15 PDT


    Just as I was thinking that it may be transparent proxies causing that
    behaviour, I see nine scans coming from the same site in Switzerland in 30
    seconds; this site is running the Chinese version.
    
    -----Original Message-----
    From: John Davidson [mailto:jwd_odsat_private]
    Sent: Monday, 6 August 2001 10:39 AM
    To: incidentsat_private
    Subject: CRv2 multiple scans from same source IP
    
    
    My W2k IIS logs show 3 CRv2 scans from the same source IP within the same
    minute.
    
    The IP is outside my Class A address space. From the analysis of CRv2
    published at www.eeye.com this should not be possible, or at least the
    likelihood of such an occurrence is much greater than winning a very big
    lottery... I should maybe buy a ticket! ;-).
    
    
    John Davidson
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
    
    
    
    



    This archive was generated by hypermail 2b30 : Sun Aug 05 2001 - 21:52:03 PDT