Security Incidents mailing list archives
Re: [Whitehat] BIND scan from Wanadoo.fr
From: David Höhn <dh () uptime at>
Date: Fri, 16 Aug 2002 18:21:43 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Am 16.08.2002 2:23 Uhr schrieb "Gary Baribault" unter <gary () baribault net>:
I am used to seeing those idiots scanning for FTP and I have them all blocked in and out with out logged .. Recently I say a big jump in OUTPUT REJECTs and when I investigated I found 62.155/11 scanning for BIND .. I also recently noticed them scanning for HTTP. Anyone seen this as well?
I am not observing any bind scans from that subnet, but I am seeing a lot of IIS script exploit attemtps and PHP content disposition exploit attemtpos from wanadoo in their 80.8.5* range. Is that something you mighthave noticed as well? - -- "Hell, there are no rules here-- we're trying to accomplish something." - -- Thomas Alva Edison -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (Darwin) iD8DBQE9XSaVzaw9WRklNbkRA9RpAKCi3qtZo2ynMghKXpB6AczI05RvhwCeLnaD z5JpmczP1+W4ZYkjXrYV5k8= =rn3k -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- BIND scan from Wanadoo.fr Gary Baribault (Aug 16)
- Re: [Whitehat] BIND scan from Wanadoo.fr David Höhn (Aug 16)
- <Possible follow-ups>
- Re: BIND scan from Wanadoo.fr WebMaster (Aug 16)
- Re: BIND scan from Wanadoo.fr Baribault, Gary (Aug 16)
- Re: BIND scan from Wanadoo.fr Mike Arnold (Aug 19)
- Re: BIND scan from Wanadoo.fr Baribault, Gary (Aug 16)