Security Incidents mailing list archives
Re: New to this and need help plz!!
From: "Blake R. Swopes" <bhodi () BIGFOOT COM>
Date: Wed, 27 Dec 2000 22:43:01 -0800
Are you running a frontpage/webhosting server for these customers to post to? It could be legit traffic, it could be a mistake, or it could be an information gathering attack. In any case, it probably wouldn't hurt for someone at your company to contact the admin to try to find out what's going on. Just be careful how it's handled... you don't want to go accusing them of trying to crack your web server if it's just someone who doesn't know the difference between IE and Frontpage (hmm... probably someone in marketing).

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On Behalf Of Robert J. Wright
Sent: Wednesday, December 27, 2000 7:14 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: New to this and need help plz!!

Hello all those who read this.

I'm kinda in a small problem. Here's what's kinda going on. I'm an 18-year-old network administrator assistant. I finally got an IDS system (snort) installed onto my network at work, after a lot of argument with management. You guys probably know what I'm talking about. Well, the system has only been up for about 24 hours now, and, well, it picked something up.

[**] IDS292 - WEB FRONTPAGE - Frontpage-shtml.dll [**]
12/27-06:46:04.461674 xxx.xxx.xxx.xxx:48731-> xxx.xxx.xxx.xxx:80
TCP TTL:244 TOS:0x0 ID:4692 DF
*****PA* Seq: 0xC621C4EA Ack: 0x243699 Win: 0x2238

I have received a total of 27 of these from that one source, going to my webserver. No kidding eh being port 80 =]

Now from my understanding this can be legit traffic. Now I DNS'd the IP and it's a large consulting/industry company. I checked out with a sales rep and we do sell products to this company. However, from what I read from Whitehats.com I don't see a reason why this should happen from a customer. So I really don't know how to address this.

Can someone please help me out? Should I contact the network administrator from that company about this?

Thank you,
Bob Wright
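An added example, not part of either message above: a small triage script that reads Snort alerts in the layout quoted in the original post and tallies them per signature and source, with first and last timestamps, which is the kind of summary worth having in hand before contacting a remote admin. The sample alerts, the documentation-range addresses and the function name `summarize` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the Snort full-alert layout quoted in the message.
# Addresses are documentation ranges, not values from the post.
SAMPLE = """\
[**] IDS292 - WEB FRONTPAGE - Frontpage-shtml.dll [**]
12/27-06:46:04.461674 192.0.2.10:48731 -> 198.51.100.5:80
TCP TTL:244 TOS:0x0 ID:4692 DF
*****PA* Seq: 0xC621C4EA Ack: 0x243699 Win: 0x2238

[**] IDS292 - WEB FRONTPAGE - Frontpage-shtml.dll [**]
12/27-06:46:09.120001 192.0.2.10:48733-> 198.51.100.5:80
TCP TTL:244 TOS:0x0 ID:4701 DF
*****PA* Seq: 0xC6220001 Ack: 0x243711 Win: 0x2238

[**] IDS292 - WEB FRONTPAGE - Frontpage-shtml.dll [**]
12/27-09:02:11.000310 203.0.113.77:1045 -> 198.51.100.5:80
TCP TTL:52 TOS:0x0 ID:311 DF
*****PA* Seq: 0x1A2B3C4D Ack: 0x99887 Win: 0x4000
"""

SIG = re.compile(r"^\[\*\*\]\s*(.+?)\s*\[\*\*\]$")
# Tolerates the missing space before "->" seen in the quoted alert.
FLOW = re.compile(r"^(\d\d/\d\d-[\d:.]+)\s+([\d.]+):(\d+)\s*->\s*([\d.]+):(\d+)$")

def summarize(text):
    """Group alerts by (signature, source IP, dest IP, dest port)."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    sig = None
    for line in text.splitlines():
        line = line.strip()
        m = SIG.match(line)
        if m:
            sig = m.group(1)
            continue
        m = FLOW.match(line)
        if m and sig:
            ts, src, _sport, dst, dport = m.groups()
            g = groups[(sig, src, dst, int(dport))]
            g["count"] += 1
            g["first"] = g["first"] or ts   # alerts are read in file order
            g["last"] = ts
            sig = None  # one flow line per alert header
    return dict(groups)

if __name__ == "__main__":
    for (sig, src, dst, dport), g in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["count"]):
        print(f'{g["count"]:>3}  {src} -> {dst}:{dport}  {sig}  [{g["first"]} .. {g["last"]}]')
```

Pairing each group's time window with the web server's access log for the same source shows whether the requests look like a FrontPage client publishing or opening a page, or like something probing.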