A few possibilities come to mind: 1. your IP address changed recently (dialup perhaps?) and the response was intended for the previous owner of that ip (it is possible that the response is not realtime, but sent after analyzing the logs periodically) 2. Remote side is scanning, and masking the scan by making you think that it is a codered response 3. Your machine _is_ scanning, hacked perhaps, or a legitimate user tried some script (I am sure there are scripts that exploit the vulnerability by now) Can On 3 Sep 2001 at 18:23, red0x wrote: > That's the weird thing, I don't have code red, its linux and apache.. so > wtf? > --=< Can Erkin Acar (canacarat_private) >=-- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Sep 03 2001 - 18:56:56 PDT