Re: [Whitehat] BIND scan from

From: David Hhn (dhat_private)
Date: Fri Aug 16 2002 - 09:21:43 PDT

  • Next message: Baribault, Gary: "Re: BIND scan from"

    Hash: RIPEMD160
    Am 16.08.2002 2:23 Uhr schrieb "Gary Baribault" unter <garyat_private>:
    > I am used to seeing those idiots scanning for FTP and I have them all
    > blocked in and out with out logged .. Recently I say a big jump in OUTPUT
    > REJECTs and when I investigated I found 62.155/11 scanning for BIND .. I
    > also recently noticed them scanning for HTTP. Anyone seen this as well?
    I am not observing any bind scans from that subnet, but I am seeing a lot
    of IIS script exploit attemtps and PHP content disposition exploit
    attemtpos from wanadoo in their 80.8.5* range. Is that something you
    mighthave noticed as well?
    - -- "Hell, there are no rules here-- we're trying to accomplish something."
    - -- Thomas Alva Edison
    Version: GnuPG v1.0.7 (Darwin)
    -----END PGP SIGNATURE-----
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Fri Aug 16 2002 - 09:26:11 PDT