Security Incidents mailing list archives

IDS: Scan of the week

From: lance () SPITZNER NET (Lance Spitzner)
Date: Tue, 30 May 2000 17:19:14 -0500


I've started a new program to help both myself and
the IDS community learn, called "Scan of the Week".  Every
Monday I'll post a set of scan signatures I received
from the wild.  It is up to the security community
to determine which tools was used.  Then, every Friday,
I will post the results, which tool the security community
thinks was used.  Most of the time I have no idea which
tool was used, so its up to the community to determine
the tool.

I figured this is a fun way for us all to develop our
forensic skills.  For more info,
http://www.enteract.com/~lspitz/papers.html

Thanks!

lance

Current thread:

Strange Happenings @Home, (continued)
- - - Strange Happenings @Home Fred Hirsch (May 30)
  - AMDROCKS Jim Williams (May 25)
    - Attacks on port 25 Vincent Lim (May 25)
    - Re: Attacks on port 25 Ryan Russell (May 26)
    - Re: Attacks on port 25 Bill Lavalette (May 28)
    - Re: Attacks on port 25 RayW (May 29)
    - invalid icmp in linux? Eric LeBlanc (May 27)
    - Re: invalid icmp in linux? Jose Nazario (May 28)
    - weird scan pattern Joe H (May 28)
    - Re: weird scan pattern Russell Fulton (May 29)
    - IDS: Scan of the week Lance Spitzner (May 30)
    - 5 scans of 12345 in a couple of hours. AUSCERT#36349 Russell Fulton (May 31)
    - Taiwan server compromise Claudiu Costin (May 26)
    - Re: Taiwan server compromise Vortex (May 26)
    - port 44767 activity Nathan Fain (May 28)
    - Re: AMDROCKS Alejandro (May 26)
    - Re: AMDROCKS J. S. Townsley (May 26)
    - Re: AMDROCKS Lance Spitzner (May 26)
    - Re: AMDROCKS Matthew F. Caldwell (May 26)
    - CERT's Handbook for Computer Security Incident Response Teams (CSIRTs) Elias Levy (May 26)