-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Am 16.08.2002 2:23 Uhr schrieb "Gary Baribault" unter <garyat_private>: > I am used to seeing those idiots scanning for FTP and I have them all > blocked in and out with out logged .. Recently I say a big jump in OUTPUT > REJECTs and when I investigated I found 62.155/11 scanning for BIND .. I > also recently noticed them scanning for HTTP. Anyone seen this as well? > I am not observing any bind scans from that subnet, but I am seeing a lot of IIS script exploit attemtps and PHP content disposition exploit attemtpos from wanadoo in their 80.8.5* range. Is that something you mighthave noticed as well? - -- "Hell, there are no rules here-- we're trying to accomplish something." - -- Thomas Alva Edison -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (Darwin) iD8DBQE9XSaVzaw9WRklNbkRA9RpAKCi3qtZo2ynMghKXpB6AczI05RvhwCeLnaD z5JpmczP1+W4ZYkjXrYV5k8= =rn3k -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 16 2002 - 09:26:11 PDT