Re: Textbook CodeRed v2 Caught By Snort

From: Ryan Russell (ryanat_private)
Date: Fri Jun 28 2002 - 13:20:34 PDT

Next message: Mike Denka: "FW: 33 character encrypted passwords in /etc/shadow"

Previous message: Keith T. Morgan: "RE: spoofed packets to RFC 1918 addresses"
In reply to: Jeremy Junginger: "Textbook CodeRed v2 Caught By Snort"
Next in thread: Nick FitzGerald: "Re: Textbook CodeRed v2 Caught By Snort"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 28 Jun 2002, Jeremy Junginger wrote:

> I just wanted to share.  It appears to be a compromised host.  Any
> thoughts?

It's Nimda.  It's probably more accurate to call your attacker "infected"
rather than "compromised".

						Ryan


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Mike Denka: "FW: 33 character encrypted passwords in /etc/shadow"
Previous message: Keith T. Morgan: "RE: spoofed packets to RFC 1918 addresses"
In reply to: Jeremy Junginger: "Textbook CodeRed v2 Caught By Snort"
Next in thread: Nick FitzGerald: "Re: Textbook CodeRed v2 Caught By Snort"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 13:34:52 PDT