I have seen similiar activity from a couple of IPs from France. They had broken into a computer of a company I was doing a vuln assessment on and set up an ftp server to share movies and software. SQL port probes were seen also. This was on Saturday and I have yet to get access to all log files. david b ----- Original Message ----- From: "Harlan S. Barney, Jr." <hsbarneyat_private> To: <incidentsat_private> Sent: Saturday, June 22, 2002 8:34 PM Subject: Re: SQL port probe repeats > After about 250 SQL port probes to my workstation without a repeat of > source IP, I have found two repeats in the last week. One was from > Korea, the other from the USA. > > Maybe someone cleaned the two systems but did not secure them properly. > > I have also noted that in March I had a SQL port probe followed by an > FTP port probe from the same source in France. > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 12:13:57 PDT