Security Incidents mailing list archives
More DNS scans
From: John Pettitt <jpp () CLOUDVIEW COM>
Date: Sun, 18 Feb 2001 21:34:10 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Another bunch of DNS scans - is there a new script out do take advantage of the bind bugs? This one is another Linux box with the default redhat apache home page on it's web server! Feb 18 07:08:25 gatekeeper snort[219]: IDS07 - MISC-Source Port Traffic 53 TCP: 203.126.81.2:53 -> 216.103.77.155:53 Feb 18 07:08:25 gatekeeper snort[219]: IDS07 - MISC-Source Port Traffic 53 TCP: 203.126.81.2:53 -> 216.103.77.156:53 Feb 18 07:08:25 gatekeeper snort[219]: IDS277 - NAMED Iquery Probe: 203.126.81.2:1905 -> 216.103.77.155:53 Feb 18 07:08:26 gatekeeper snort[219]: MISC-DNS-version-query: 203.126.81.2:1905 -> 216.103.77.155:53 John Pettitt <jpp () cloudview com> AOL-IM: CanisRosa SigInt bait ;-) A big hello to the folks at Fort Meade, Menwith Hill and Pine Gap. Keywords: NSA, Echelon, GCHQ, F83, Magnum, Mentor, P415, STEEPLEBUSH -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBOpCwUqdEVMR4hjZYEQLMxwCgzItOBI2QO+yOqH1qpsOYJ5u7qx4Ani/n pken+1ju12EehzwBAso0+RdM =ZM9/ -----END PGP SIGNATURE-----
Current thread:
- More DNS scans John Pettitt (Feb 19)
- Re: More DNS scans John (Feb 19)