Security Incidents: by date

• RSS Feed
• About List
• All Lists

Previous period

Next period

281 messages starting Dec 31 99 and ending Jan 31 00
Date index | Thread index | Author index

Friday, 31 December

Re: ICMP time exceed in-transit packets White, Tim
Re: :8 -> :0 Belgarion of Riva

Saturday, 01 January

Re: ICMP time exceed in-transit packets Chris Brenton
Re: ICMP time exceed in-transit packets Alain Thivillon
Re: :8 -> :0 CyberPsychotic
Re: ICMP time exceed in-transit packets Dave Dittrich

Sunday, 02 January

Y2K bug in Shadow IDS Patrick Oonk
Port Scan on 371... M. Edward Wilborne III
Re: ICMP timex to X.Y.Z.0 Donald McLachlan
Re: :8 -> :0 Bubonic
Re: Y2K bug in Shadow IDS Donald McLachlan
Re: Port Scan on 371... Fisher, Lee
Re: ICMP time exceed in-transit packets Paul Cardon
Re: Port Scan on 371... Etaoin Shrdlu
Re: ICMP time exceed in-transit packets Christopher Wilson
Re: Port Scan on 371... Christopher Wilson
correlation between porscans and local activity Thomas Molina

Monday, 03 January

port 119 Dariusz Zmokly
Writeup: it. TLD going astray Arrigo Triulzi
Re: correlation between porscans and local activity Sean Sosik-Hamor
ADMROCKS McNab, Chris
Computer Forsenics System Administrator
Re: Computer Forsenics-> www.fish.com/forensics mike
Re: correlation between porscans and local activity Bob Johnson
Re: port 119 Robert Graham

Tuesday, 04 January

Re: Source Host 0.0.0.0 Frederic Ple
Ports 25092 / 20869 Vanja Hrustic
R: correlation between porscans and local activity Raistlin
traceroute ICMP packets Laszlo Fabian
Re: correlation between porscans and local activity R a v e N
Re: port 119 Scott Laws
Re: traceroute ICMP packets M J
Re: Ports 25092 / 20869 Robert Graham
Re: port 119 Thomas Molina
Re: Source Host 0.0.0.0 Dante Mercurio
port 1150 and 4833 ? Kim R. Rasmussen
Re: named ADMROCKS exploit replacing sshd1 Paul Hurley

Wednesday, 05 January

Scanners using netcraft? Michael Damm
Re: port 119 R a v e N
Connection attempts with source port 113 Ginsberg Rainer (QI/INF4) *
unusual UDP probes T.Esting
Re: Scanners using netcraft? Richard Trott
Re: port 119 Vince Vielhaber
Re: Scanners using netcraft? Eric Cholet
Re: Scanners using netcraft? Mike Johnson
Re: Scanners using netcraft? Al Huger - Mail Account
Port 3593 Raistlin
Re: Scanners using netcraft? sekurity
Re: unusual UDP probes Ron Gula
Re: unusual UDP probes T.Esting
IIS 5.0 not displaying asp Justin Lintz
Re: port 119 Russ Allbery

Thursday, 06 January

Re: Source Host 0.0.0.0 Grzegorz Janoszka
Re: Source Host 0.0.0.0 Chuck Phillips
Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Thomas E. Ruth
Re: IIS 5.0 not displaying asp Andrew_Kunz () TDGROUP COM
Command confirmation request cancelled L-Soft list server at LISTS.SECURITYFOCUS.COM (1.8d)
Distributed Scanning? Missouri FreeNet Administration

Friday, 07 January

Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Maniac .
Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Thomas E. Ruth
Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Jeffrey Papen
Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Thomas E. Ruth
Cable modem hosts being exploited to spam. TCP ports 224, 253 Aaron Higbee

Saturday, 08 January

Probe from NS2.SOHONET.COM Jonathan S. Keim
Ports 12345, 5742 and 20034 Artur Nowak
Got cracked/attacked this morning Filip M. Gieszczykiewicz
Re: Distributed Scanning? Richard Bejtlich

Sunday, 09 January

god damn - we got rooted again (long, alas) Filip M. Gieszczykiewicz
rootkit site found in sniff log (??) Filip M. Gieszczykiewicz
Port 4 Arne Vidar Sjønøs
Update: other depts attacked Filip M. Gieszczykiewicz
Re: Connection attempts with source port 113 daswasme () SDF LONESTAR ORG

Monday, 10 January

strange icmp traffic Dariusz Zmokly
NT4.0 Logs Daniel K. Boyd
Re: Scanners using netcraft? mea culpa
Re: :8 -> :0 Frameloss, Frameloss
Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Missouri FreeNet Administration
Re: port 1150 and 4833 ? Frameloss, Frameloss
Re: Port 4 Keith Owens
Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Andy David
Re: Ports 12345, 5742 and 20034 Andy David
Re: Ports 12345, 5742 and 20034 Michal Rok

Tuesday, 11 January

Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Thomas Molina
Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Andrew Kunz
Re: Port 4 Sean Sosik-Hamor
Re: Port 4 CyberPsychotic
Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Maniac .
Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Maniac .
Re: Ports 12345, 5742 and 20034 Woods,Stan
Re: Port 4 Philipp Buehler
Re: Port 4 Sean Sosik-Hamor
Re: Ports 12345, 5742 and 20034 Artur Nowak
Maillog Suspicious flirtingboy20
Re: Port 4 Daniel Jacobowitz
Re: Maillog Suspicious David A. Bandel
Re: Maillog Suspicious James Phillips
Re: strange icmp traffic Jacob Langseth
Re: Maillog Suspicious Yiorgos Adamopoulos
strange entrys in /var/log/messages Ben Russell
Re: Maillog Suspicious Jose Nazario
Re: Maillog Suspicious Larry W. Cashdollar
Attempted port scans. Steve
Re: Maillog Suspicious Khetan Gajjar
Re: Port 4 Boris Badenov

Wednesday, 12 January

Re: Port 4 Lutz Pressler
IRC-bots: what are they for ? Jens Hektor
Text file monitor? Luther Trammel
Re: strange icmp traffic Dariusz Zmokly
Re: Maillog Suspicious Christopher Rhodes
Re: Maillog Suspicious Christopher Rhodes
Re: strange entrys in /var/log/messages Larry W. Cashdollar
Re: Attempted port scans. Larry W. Cashdollar
Re: IRC-bots: what are they for ? Jon Paul, Nollmann
Re: IRC-bots: what are they for ? SecOrg
Re: IRC-bots: what are they for ? Ninja Information Systems.
Re: IRC-bots: what are they for ? Jens Hjalmarsson
Re: IRC-bots: what are they for ? tyler
Re: IRC-bots: what are they for ? David Brumley
Re: IRC-bots: what are they for ? The Undernet Bonk
Re: strange entrys in /var/log/messages Christopher Wilson
Re: strange entrys in /var/log/messages Robert Graham
Re: IRC-bots: what are they for ? Filip M. Gieszczykiewicz
Re: Text file monitor? James A Kennemore Jr
Re: R: correlation between porscans and local activity Michael Babcock

Thursday, 13 January

Strange behaviour Belgarion of Riva
Re: Port 4 Vanja Hrustic
Large quantity of traffic from amazon.com - source_port 3000 Peter Bates
New vulnerability (fwd) Alfred Huger

Friday, 14 January

More icmp floating around... Ralf Günthner
Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Al Huger - Mail Account
An Embryonic Counterintelligence Tool Stephen P. Berry

Saturday, 15 January

Re: Large quantity of traffic from amazon.com - source_port 3000 Chris
Re: Large quantity of traffic from amazon.com - source_port 3000 Dominique Brezinski
Re: Strange behaviour Richard Bejtlich

Sunday, 16 January

Name server probe from NS2.50megs.com Jonathan S. Keim

Monday, 17 January

Re: Strange behaviour Dante Mercurio
Scans Scott Armstrong
Log tools? Chad Day
UDP probing [ trojan? ] mabrown () SECUREPIPE COM
Re: Name server probe from NS2.50megs.com Jonathan S. Keim
Solaris BSM Audit Logs Wozz
Re: Large quantity of traffic from amazon.com - source_port 3000 Joseph Geyer
Re: Strange behaviour John Turner
Re: Log tools? James Phillips
Re: Log tools? Richard Trott

Tuesday, 18 January

Re: Log tools? Lammerse, Marcel
AMD/Port 100099 and portmap Daniel K. Boyd
Re: Large quantity of traffic from amazon.com - source_port 3000 Andrew Steingruebl
Re: An Embryonic Counterintelligence Tool Iván Arce
SMTP bombing Kaupo Palo
Re: Strange behaviour Iván Arce
Re: traceroute ICMP packets Larry Canup
Re: Large quantity of traffic from amazon.com - source_port 3000 Dominique Brezinski
Re: An Embryonic Counterintelligence Tool Vanja Hrustic
Re: UDP probing [ trojan? ] Jose Nazario
Re: Log tools? Gene Harris
Probe from UK Provider ? Duarte Cordeiro
Re: Log tools? Woods,Stan
Re: AMD/Port 100099 and portmap CyberPsychotic
Re: Log tools? Pauline van Winsen
Unusual scan pattern Russell Fulton

Wednesday, 19 January

ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Michael Vaughan
Re: Unusual scan pattern Oliver Friedrichs
Re: Unusual scan pattern Granquist, Lamont
Re: Probe from UK Provider ? Pauline van Winsen
Re: Large quantity of traffic from amazon.com - source_port 3000 Robert Graham
Slow scan Mixmaster

Thursday, 20 January

Re: Unusual scan pattern Richard Bejtlich
Socks port 1080 Heman Leopando
Re: Unusual scan pattern Kevin Houle
Re: Socks port 1080 Russell Fulton
Re: Probe from UK Provider ? Arrigo Triulzi
Re: Probe from UK Provider ? Gene Harris
Re: Probe from UK Provider ? Jason Witty
I was scaned C.

Friday, 21 January

Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Donald McLachlan
Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Cy Schubert - ITSD Open Systems Group
Re: Socks port 1080 Randy Mclean
Unknown Port Numbers Edwin Covert
Re: I was scaned Oliver Friedrichs
Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Ex Machina [xm]
Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File CyberPsychotic
Re: Socks port 1080 Richard Bejtlich

Saturday, 22 January

Unusual Netstat Listing Rob
Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Dug Song
Re: I was scaned Robert Graham

Sunday, 23 January

Re: Unusual scan pattern Russell Fulton
Re: I was scaned Jose Nazario
Re: I was scaned Gene Harris

Monday, 24 January

Got scaned again C.
? C.
semi careful, very patient attacker Jon Paul, Nollmann
Re: I was scaned Larry W. Cashdollar
Re: ? Mike Tancsa
Re: ? Brock Sides
Re: unapproved AXFR Russell Fulton
Re: I was scaned Keith Owens

Tuesday, 25 January

Re: ? Fernando Cardoso
No Idea CN
Re: ? Robert G. Ferrell
Re: ? Adam Boileau
PC Anywhere client seems to probe class C of connected networks Troy Ablan
Re: No Idea Paul L Schmehl
Re: No Idea Robert Graham
Possible Probe = Possible Malfunction Ron Gula
Possible attemt at hacking? Geir A. Bjune

Wednesday, 26 January

Re: PC Anywhere client seems to probe class C of connected networks Steve Ellermann
Korea (was RE: ?) Fernando Cardoso
Re: PC Anywhere client seems to probe class C of connected networks Paul L Schmehl
Re: Possible attemt at hacking? Dante Mercurio
Strange DNS/TCP activity Pavel Kankovsky
Re: PC Anywhere client seems to probe class C of connected networks Jose Nazario
Re: PC Anywhere client seems to probe class C of connected networks Robert Graham
Anti-Death Penalty Robert Graham
Re: Korea (again) Kim R. Rasmussen
BOGUS.IvCD File Jonathan A. Zdziarski
Probes to tcp 2766 ('System V Listner') Russell Fulton
Re: Korea (was RE: ?) horio shoichi

Thursday, 27 January

Extrange named messages king
Re: Strange DNS/TCP activity Howard M. Kash III
Re: Korea (again) zeek
Re: Anti-Death Penalty Bill Royds
Re: Strange DNS/TCP activity Asmodeus
Re: BOGUS.IvCD File Vanja Hrustic
port 768 Guido A.J. Stevens
Re: Korea (again) Granquist, Lamont
Re: Strange DNS/TCP activity technot
Re: Korea (was RE: ?) Robert G. Ferrell
Re: Korea (again) Kim Roland Rasmussen
Re: Probes to tcp 2766 ('System V Listner') Robert G. Ferrell
Re: Korea (was RE: ?) R a v e N
Re: Strange DNS/TCP activity Roy Pait
Re: Korea (was RE: ?) David Brumley
Re: Strange DNS/TCP activity Richard Bejtlich
Re: port 768 Robert Graham
Connect thru PIX & ports 1727, 2209, 9200 CL: Nelson, Jeff
Re: Anti-Death Penalty Thomas Molina
Re: Korea (was RE: ?) Brooke, O'Neil
Re: Korea (again) Thomas Molina
Re: Possible attemt at hacking? Brendan Grieve

Friday, 28 January

Re: port 768 Guido A.J. Stevens
Re: Korea (was RE: ?) Patrick Oonk
Re: Korea (was RE: ?) Kim Robert Blix
Re: Extrange named messages Massimo Ferrario
Another Korean asshole Patrick Oonk
Re: Korea (was RE: ?) JJ Gray
eri? Fletcher Mattox
Re: Korea (again) Rob Quinn
DNS update queries: another sort of suspicious activity. Fyodor
Re: Korea (was RE: ?) Brooke, O'Neil
source port 321 T.Esting
Re: Korea (was RE: ?) Robert G. Ferrell
Re: Probes to tcp 2766 ('System V Listner') Thiago/c0nd0r
Re: Korea (was RE: ?) Andy Hooper
Re: port 768 (fwd) Jose Nazario
Re: Korea (was RE: ?) Arrigo Triulzi
probe backs? was Re: [INCIDENTS] Korea Jose Nazario
Re: DNS update queries: another sort of suspicious activity. Patrick Oonk
Re: port 768 Guido A.J. Stevens
Re: DNS update queries: another sort of suspicious activity. Fyodor
Re: DNS update queries: another sort of suspicious activity. Patrick Oonk
Re: port 768 Richard Johnson
Recent Scans Edwin Covert
Re: Korea (was RE: ?) Dug Song
Re: Korea (was RE: ?) Patrick Oonk
Re: Korea (was RE: ?) David Brumley
Re: DNS update queries: another sort of suspicious activity. Bill Royds
Re: eri? Bill Gilpatric
Re: port 768 Dave Dittrich
Re: Korea (was RE: ?) Mark Seiden
Re: Anti-Death Penalty Robert Graham
Re: source port 321 Robert Graham
Re: Anti-Death Penalty Derek Moeller
Re: port 768 Robert Graham

Saturday, 29 January

Re: Korea (was RE: ?) Rob McCauley

Sunday, 30 January

R: Re: Korea (was RE: ?) Raistlin
First china, now russia? Joseph Geyer
Re: port 768 Eric Preston

Monday, 31 January

Re: Extrange named messages Rob Quinn
Re: DNS update queries: another sort of suspicious activity. Rob Quinn
Re: Korea (was RE: ?) Drissel, James W.

Previous period

Next period