Security Incidents mailing list archives
Re: CRv2 multiple scans from same source IP
From: Luc Pardon <lucp () skopos be>
Date: Mon, 06 Aug 2001 05:02:05 +0200
Maybe this is just three systems behind the same proxy ? Not untypical for cable ISP's. If so, I'd report this to the ISP, they usually don't like their customers running web servers. Luc Pardon Skopos Consulting Belgium John Davidson wrote:
My W2k IIS logs show 3 CRv2 scans from the same source IP within the same minute. The IP is outside my Class A address space. From the analysis of CRv2 published at www.eeye.com this should not be possible, or at least the likelihood of such an occurence is much greater than winning a very big lottery... I should maybe buy a ticket! ;-). John Davidson
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- CRv2 multiple scans from same source IP John Davidson (Aug 05)
- Re: CRv2 multiple scans from same source IP Luc Pardon (Aug 05)
- Re: CRv2 multiple scans from same source IP Chris Freeze (Aug 05)
- Re: CRv2 multiple scans from same source IP Chris Freeze (Aug 05)
- RE: CRv2 multiple scans from same source IP Gareth Hastings (Aug 06)
- Re: CRv2 multiple scans from same source IP Paul Gear (Aug 06)
- Re: CRv2 multiple scans from same source IP Valdis . Kletnieks (Aug 05)
- RE: CRv2 multiple scans from same source IP robh (Aug 05)
- Re: CRv2 multiple scans from same source IP corecode (Aug 06)
- Re: CRv2 multiple scans from same source IP Lee Smith (Aug 06)
- RE: CRv2 multiple scans from same source IP Andrew Cruse (Aug 06)
- Re: CRv2 multiple scans from same source IP Ryan Russell (Aug 06)
- Re: CRv2 multiple scans from same source IP Lee Smith (Aug 06)
(Thread continues...)
- Re: CRv2 multiple scans from same source IP Luc Pardon (Aug 05)