Christine_Kronbergat_private Subject: RE: CodeRed Observations. In-Reply-To: <9A01501BF79D864D95402AF6FBEE33D902928C8Aat_private> Message-ID: <Pine.LNX.4.30.0303141634200.21106-100000at_private> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" On Thu, 13 Mar 2003, larosa, vjay wrote: > > Some of the systems respond to a ping, none respond to > any HTTP requests. It doesn't mean that they are not > firewalled from incoming traffic though. I checked the entries in my logs. The only one that responded was indeed an IIS. All other IP gave me a "connection refused" or a simple timeout. With that being said about the non-three-way-handshake hits, I wonder if some of the addresses are spoofed; coming from a compiled list or something. Except for one hit all came from (different) 217.x.y.z addresses. Anyone else observed something similar? Have fun, Chris. -- GeNUA mbH ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A> . ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
This archive was generated by hypermail 2b30 : Tue Mar 18 2003 - 11:37:32 PST