Security Incidents mailing list archives
RE: HTTP connections
From: Lindsay <lmf1t () cstone net>
Date: Sun, 22 Jul 2001 17:26:26 -0400
Port 80 SYN packets arrived singly and in triples to my dial-up Linux box. I captured some in tcpdump format: http://www.cstone.net/~lmf1t/codered/0718@2052_HTTP_CODE_RED.log http://www.cstone.net/~lmf1t/codered/0719@1332_HTTP_CODE_RED.log http://www.cstone.net/~lmf1t/codered/0719@1528_HTTP_CODE_RED.log Lindsay Ryan Russell wrote:
On Fri, 20 Jul 2001, Dean Cunningham wrote:Looks like code red , but not seeing the 3 hits per ip address, just
one.
May be due to the different FW logs, I use Firewall-1.I was getting three SYN packets per attempt. For simple port-blocking firewalls, they may log it as three entries. Firewall-1 will treat it
as
one "connection" attempt, and log it as a single item.
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- HTTP connections Gillard, Paul (Jul 19)
- Re: HTTP connections Chris Freeze (Jul 19)
- Re: HTTP connections Ryan Russell (Jul 19)
- Other China Hack Attempts Concurrent With Code Red David E. Weekly (Jul 19)
- <Possible follow-ups>
- RE: HTTP connections Dean Cunningham (Jul 19)
- RE: HTTP connections Ryan Russell (Jul 19)
- RE: HTTP connections Lindsay (Jul 22)