Security Incidents mailing list archives

RE: .ida Intrusion Attempt


From: Tim Winders <twinders () SPC cc tx us>
Date: Thu, 19 Jul 2001 18:43:57 -0500 (CDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am seeing port 80 scans on "all" my hosts.  BlackICE is going nuts
everywhere, my Apache machines are gleefully logging the default.ida
requests and I am considering blocking port 80 for all but my public www
servers.  I probably should do this anyway, but this is getting
ridiculous!

     **********************************************
        Tim Winders, MCSE, CNE, CCNA
        Associate Dean of Information Technology
        South Plains College
        Levelland, TX  79336

        Phone:  806-894-9611 x 2369
        FAX:    806-894-1549
        Email:  TWinders () SPC cc tx us
     **********************************************


On Thu, 19 Jul 2001, Colby Rice wrote:

Has anyone else noticed that it is only hitting www. servers? Or am I
just lucky? I am getting many many attempts but ONLY on my
www.<whatever> servers. I DO have servers with port 80 open to the
outside world that ARE NOT getting hit. From everything I have read on
this worm it is picking its IPs at random, and if that is the case then
I should have been hit on something OTHER than these (few) www.
servers.

(or am I missing something?)

              CR


----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:

http://aris.securityfocus.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OSF1)
Comment: Made with pgp4pine 1.76

iEYEARECAAYFAjtXcMAACgkQTPuHnIooYbzYtgCfTx5Jo9FnkiqGdJ1BYI9+QtF3
bWkAn1fA88KJfcVci1opL9MHqIkMph89
=Bld0
-----END PGP SIGNATURE-----



