Security Incidents mailing list archives
RE: FW: Wierd .ida request? What is it?
From: "Can Erkin Acar" <canacar () eee metu edu tr>
Date: Tue, 4 Sep 2001 04:47:00 +0300
A few possibilities come to mind: 1. your IP address changed recently (dialup perhaps?) and the response was intended for the previous owner of that ip (it is possible that the response is not realtime, but sent after analyzing the logs periodically) 2. Remote side is scanning, and masking the scan by making you think that it is a codered response 3. Your machine _is_ scanning, hacked perhaps, or a legitimate user tried some script (I am sure there are scripts that exploit the vulnerability by now) Can On 3 Sep 2001 at 18:23, red0x wrote:
That's the weird thing, I don't have code red, its linux and apache.. so wtf?
--=< Can Erkin Acar (canacar () bigfoot com) >=-- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- FW: Wierd .ida request? What is it? red0x (Sep 02)
- Re: FW: Wierd .ida request? What is it? Johannes Segitz (Sep 03)
- <Possible follow-ups>
- RE: FW: Wierd .ida request? What is it? red0x (Sep 03)
- RE: FW: Wierd .ida request? What is it? Can Erkin Acar (Sep 03)