Re: [logs] Logs from Cisco DoS

From: Paul Robertson (probertsat_private)
Date: Fri Jul 18 2003 - 13:13:46 PDT


    On Fri, 18 Jul 2003, Tina Bird wrote:
    
    > Jul 18 15:45:29 mymachine.example.com 16109: Jul 18 15:45:28.060:
    > %SEC-6-IPACCESSLOGNP: list 125 denied 55 abc.abc.abc.abc (POS4/1 ) ->
    > 130.59.104.116, 1 packet
    
    It's worth noting that the circulating exploit code spoofs 
    abc.abc.abc.abc, so the addresses won't be the real attacker's address.
    
    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson      "My statements in this message are personal opinions
    probertsat_private      which may have no basis whatsoever in fact."
    probertsonat_private Director of Risk Assessment TruSecure Corporation
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
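
Added example, not part of the original message: because the source address in these entries is spoofed, this sketch parses the %SEC-6-IPACCESSLOGNP format quoted above and totals packets by the fields the router itself observed (ACL, protocol number, ingress interface, destination). The sample lines, hostnames and addresses are constructed, and the choice of grouping key is an assumption about what is useful for triage.

```python
import re
from collections import Counter

# Matches the %SEC-6-IPACCESSLOGNP layout quoted in the message above.
# The "(interface )" part is treated as optional.
LOGNP = re.compile(
    r"%SEC-6-IPACCESSLOGNP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\d+) (?P<src>\S+)\s*(?:\((?P<iface>[^)]*?)\s*\))?\s*-> "
    r"(?P<dst>[^,\s]+), (?P<count>\d+) packets?"
)

# Constructed sample input (documentation addresses, hypothetical hostname).
PREFIX = "Jul 18 15:45:29 router.example.com 16109: Jul 18 15:45:28.060: "
SAMPLE = [
    PREFIX + "%SEC-6-IPACCESSLOGNP: list 125 denied 55 192.0.2.10 (POS4/1 ) -> 203.0.113.5, 1 packet",
    PREFIX + "%SEC-6-IPACCESSLOGNP: list 125 denied 55 192.0.2.77 (POS4/1 ) -> 203.0.113.5, 3 packets",
    PREFIX + "%SEC-6-IPACCESSLOGNP: list 125 denied 55 198.51.100.9 -> 203.0.113.5, 2 packets",
    PREFIX + "%SYS-5-CONFIG_I: Configured from console by vty0",
]


def summarize(lines):
    """Return (totals, sources) keyed by (acl, proto, interface, destination).

    The source address is deliberately left out of the key: it is spoofed,
    so it is only collected to show how many distinct values were seen.
    """
    totals = Counter()
    sources = {}
    for line in lines:
        m = LOGNP.search(line)
        if m is None or m["action"] != "denied":
            continue  # unrelated syslog line or a permit entry
        key = (m["acl"], int(m["proto"]), m["iface"] or "unknown", m["dst"])
        totals[key] += int(m["count"])
        sources.setdefault(key, set()).add(m["src"])
    return totals, sources


if __name__ == "__main__":
    totals, sources = summarize(SAMPLE)
    for key, packets in totals.most_common():
        acl, proto, iface, dst = key
        print(f"list {acl} proto {proto} in {iface} -> {dst}: "
              f"{packets} packets, {len(sources[key])} claimed sources")
```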
    



    This archive was generated by hypermail 2b30 : Mon Jul 21 2003 - 13:16:54 PDT