Security Incidents mailing list archives
Re: .ida Intrusion Attempt
From: Sebastian Ip <9scki () qlink queensu ca>
Date: Thu, 19 Jul 2001 19:34:02 -0400
I have see like dozen attempts on myself already. I don't run windows and I don't have httpd of any type running. So it's not restricted to web servers. it's justa random porbe of any sites. I mean not everyone's got a www in front of their host name. Another though. Seeing the number of hits I have been getting and i am talking about a @home cable firewall and a work machine connected to DSL without a proper DNS name. I think we could be in for a slow internet tommorrow if all these machines don't get cleaned up and all of them start DOSing whitehouse.gov from all over the world. Cheers Sebastian Ip On Thursday 19 July 2001 14:19, Tulchinskiy, Sasha wrote:
That is not correct (unfortunately). We have servers attacked with URLs other than www.something... -----Original Message----- From: Colby Rice [mailto:crice () 180096hotel com] Sent: Thursday, July 19, 2001 1:29 PM Cc: incidents () securityfocus com; focus-ids () securityfocus com Subject: RE: .ida Intrusion Attempt Has anyone else noticed that it is only hitting www. servers? or am I just lucky? I am getting many many attempts but ONLY on my www.<whatever> servers I DO have servers with port 80 open to the outside world that ARE NOT getting hit. from everything I have read on this worm it is picking its IP's at random and if that is the case then I should have been hit on something OTHER then these (few) www. servers.. (or am I missing something?) CR --------------------------------------------------------------------------- - This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: .ida Intrusion Attempt Keith.Morgan (Jul 19)
- <Possible follow-ups>
- RE: .ida Intrusion Attempt Tulchinskiy, Sasha (Jul 19)
- Re: .ida Intrusion Attempt Sebastian Ip (Jul 19)
- Re: .ida Intrusion Attempt Kheos ml (Jul 19)
- Re: .ida Intrusion Attempt Sebastian Ip (Jul 19)
- RE: .ida Intrusion Attempt Yom, Francis (Jul 19)
- Re: .ida Intrusion Attempt Dr SuSE (Jul 19)
- Re: .ida Intrusion Attempt bugtraq (Jul 19)
- RE: .ida Intrusion Attempt Colby Rice (Jul 19)
- RE: .ida Intrusion Attempt Tim Winders (Jul 19)
- .ida Intrusion Attempt Joe Smith (Jul 19)
- Re: .ida Intrusion Attempt Martin Roesch (Jul 19)
- Re: .ida Intrusion Attempt Joe Smith (Jul 19)
- Re: .ida Intrusion Attempt Martin Roesch (Jul 19)
- RE: .ida Intrusion Attempt Ulrich Keil (Jul 19)
(Thread continues...)