Re: formmail

From: Ryan Russell (ryanat_private)
Date: Sun Sep 02 2001 - 13:44:58 PDT

Next message: red0x: "RE: FW: Wierd .ida request? What is it?"

Previous message: Lance Spitzner: "Scan of the Month - September"
In reply to: Soeren Ziehe: "formmail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1 Sep 2001, Soeren Ziehe wrote:

>
> There was an attempt to use a formmail perl script installed on our
> server from a non-local address.
>
> A quick grep trough our weblogs for this month and back to the beginning
> of this year revealed a ton of requests for the 20th this month and a
> few requests on the 11th, 23th, 27th and 29th.
>
<SNIP>
>
> IF you've stayed with me until here. Has anyone seen the same access
> attempts patterns/tool signatures?

Yes, it's been on-and-off our top 5 for some time now:
http://aris.securityfocus.com/

					Ryan


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: red0x: "RE: FW: Wierd .ida request? What is it?"
Previous message: Lance Spitzner: "Scan of the Month - September"
In reply to: Soeren Ziehe: "formmail"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Sep 03 2001 - 14:27:07 PDT