Security Incidents mailing list archives
Re: New script-kiddie looking scan
From: Steffen Dettmer <steffen () dett de>
Date: Wed, 19 Jun 2002 11:08:58 +0200
* Luis Bruno wrote on Tue, Jun 18, 2002 at 21:47 +0100:
Jeff Kell wrote:I suppose the $64K question is: is this a simple script-kiddie scan, or perhaps a new worm signature as it attempts to propagate?Can't think of a worm wading thru SQL Servers *and* HTTP proxies. I'd guess someone is compiling a list of target IPs for future use; SQL Server can be a valuable target, and misconfigured proxies could be used to masquerade an attack.
Huh, yes, maybe someone just builds the attack list for a "flash worm". Theoretically it could be someone gathering statistical information. After a simple portscan I think nice information are available; even if some hosts use i.e. port 8080 for something different, in general (after scanning thousands) it will be a proxy. Well, maybe someone takes a fast DBMS and puts hostinformation into it (guessed OS, SSH version, SQL Server version and so on). Well, and finally a "select addr into targetlist from victims where version = exploitable"... oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- DOS by Flooding a Network Richard Ginski (Jun 17)
- Re: DOS by Flooding a Network jlewis (Jun 17)
- New script-kiddie looking scan Jeff Kell (Jun 18)
- Re: New script-kiddie looking scan Luis Bruno (Jun 18)
- Re: New script-kiddie looking scan zeno (Jun 18)
- Re: New script-kiddie looking scan Chris Ess (Jun 18)
- Re: New script-kiddie looking scan Alain Fauconnet (Jun 18)
- Re: New script-kiddie looking scan Steffen Dettmer (Jun 19)
- New script-kiddie looking scan Jeff Kell (Jun 18)
- Re: New script-kiddie looking scan Russell Fulton (Jun 18)
- Re: DOS by Flooding a Network jlewis (Jun 17)
- Re: DOS by Flooding a Network Vitaly Osipov (Jun 18)
- <Possible follow-ups>
- Re: DOS by Flooding a Network Richard Ginski (Jun 18)
- RE: DOS by Flooding a Network Mike Hrubes (Jun 18)
- RE: DOS by Flooding a Network David Vincent (Jun 18)