Security Incidents mailing list archives
IDS: Scan of the week
From: lance () SPITZNER NET (Lance Spitzner)
Date: Tue, 30 May 2000 17:19:14 -0500
I've started a new program to help both myself and the IDS community learn, called "Scan of the Week". Every Monday I'll post a set of scan signatures I received from the wild. It is up to the security community to determine which tools was used. Then, every Friday, I will post the results, which tool the security community thinks was used. Most of the time I have no idea which tool was used, so its up to the community to determine the tool. I figured this is a fun way for us all to develop our forensic skills. For more info, http://www.enteract.com/~lspitz/papers.html Thanks! lance
Current thread:
- Strange Happenings @Home, (continued)
- Strange Happenings @Home Fred Hirsch (May 30)
- AMDROCKS Jim Williams (May 25)
- Attacks on port 25 Vincent Lim (May 25)
- Re: Attacks on port 25 Ryan Russell (May 26)
- Re: Attacks on port 25 Bill Lavalette (May 28)
- Re: Attacks on port 25 RayW (May 29)
- invalid icmp in linux? Eric LeBlanc (May 27)
- Re: invalid icmp in linux? Jose Nazario (May 28)
- weird scan pattern Joe H (May 28)
- Re: weird scan pattern Russell Fulton (May 29)
- IDS: Scan of the week Lance Spitzner (May 30)
- 5 scans of 12345 in a couple of hours. AUSCERT#36349 Russell Fulton (May 31)
- Taiwan server compromise Claudiu Costin (May 26)
- Re: Taiwan server compromise Vortex (May 26)
- port 44767 activity Nathan Fain (May 28)
- Re: AMDROCKS Alejandro (May 26)
- Re: AMDROCKS J. S. Townsley (May 26)
- Re: AMDROCKS Lance Spitzner (May 26)
- Re: AMDROCKS Matthew F. Caldwell (May 26)
- CERT's Handbook for Computer Security Incident Response Teams (CSIRTs) Elias Levy (May 26)