Security Incidents mailing list archives
Re: [incident] IIS defacement through FTP, possible DoS
From: "Jean-Luc" <Jean-Luc () Cavey org>
Date: Wed, 5 Jun 2002 18:16:05 +0200
Récemment, Iain Craig a écrit :
There was a LOT of those, all very fast like a DoS attempt. Other usernames I was seeing in a similar DoS fashion from the same time and IP were Ogpuser () home com, Kgpuser () home com, and Lgpuser () home com Anyone know of a kiddie tool that uses these names? Incidentally, from the WHOIS on that IP: inetnum: 81.64.0.0 - 81.67.255.255 netname: FR-CYBERCABLE-20020103 descr: LYONNAISE COMMUNICATIONS PROVIDER Local Registry country: FR admin-c: LC220-RIPE tech-c: LC224-RIPE status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: AS6678-MNT mnt-routes: AS6678-MNT changed: hostmaster () ripe net 20020103 changed: hostmaster () ripe net 20020108 source: RIPE That's not the only IP these DoS-ish requests came from; going through the others now. Wondering if I'm dealing with two seperate incidents here, the defacement and a seperate DoS or DDoS. Any advice or guidance appreciated.
I've the same provider. I would suggest that you report the incident to him abuse () cybercable fr or abuse () noos fr (actualy the same provider) Jean-Luc Cavey 65, bd Brune 75014 Paris, France +33 (0) 1 45 43 45 62 +33 (0) 6 15 93 77 96 E-Mail : Jean-Luc () Cavey org ICQ/UIN : 122785712 ================================ La presence de ce texte prouve que ce message electronique a ete verifie par un logiciel anti-virus à jour au moment de l'envoi. The presence of this text proves that this e-mail has been verified by an up-to-date anti-virus software at the time of the sending. ================================ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- [incident] IIS defacement through FTP, possible DoS Iain Craig (Jun 05)
- Re: [incident] IIS defacement through FTP, possible DoS Jean-Luc (Jun 05)
- <Possible follow-ups>
- Re: [incident] IIS defacement through FTP, possible DoS Matthew . Brown (Jun 05)
- Re: [incident] IIS defacement through FTP, possible DoS Michael Katz (Jun 05)
- Re: [incident] IIS defacement through FTP, possible DoS Muhammad Faisal Rauf Danka (Jun 05)
- RE: [incident] IIS defacement through FTP, possible DoS Iain Craig (Jun 06)
- Re: [incident] IIS defacement through FTP, possible DoS Patrick Andry (Jun 06)