Security Incidents mailing list archives

RE: FW: Wierd .ida request? What is it?

From: "Can Erkin Acar" <canacar () eee metu edu tr>
Date: Tue, 4 Sep 2001 04:47:00 +0300

A few possibilities come to mind:

1. your IP address changed recently (dialup perhaps?)
   and the response was intended for the previous owner
   of that ip (it is possible that the response is not
   realtime, but sent after analyzing the logs periodically)

2. Remote side is scanning, and masking the scan by
   making you think that it is a codered response

3. Your machine _is_ scanning, hacked perhaps, or
   a legitimate user tried some script (I am sure
   there are scripts that exploit the vulnerability
   by now)

Can

On 3 Sep 2001 at 18:23, red0x wrote:

That's the weird thing, I don't have code red, its linux and apache..  so
wtf?

--=< Can Erkin Acar (canacar () bigfoot com) >=--


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

FW: Wierd .ida request? What is it? red0x (Sep 02)
- Re: FW: Wierd .ida request? What is it? Johannes Segitz (Sep 03)
- <Possible follow-ups>
- RE: FW: Wierd .ida request? What is it? red0x (Sep 03)
  - RE: FW: Wierd .ida request? What is it? Can Erkin Acar (Sep 03)