Security Incidents mailing list archives

(Fwd) RE: logs


From: "George Bakos" <gbakos () ists dartmouth edu>
Date: Thu, 26 Jul 2001 18:34:15 +0300

Stock reply IAW policy?  You be the judge.
There is, of course, the possibility that she is right on the money.  I 
can think of no better opportunity to do large scale decoyed port 80 
sweeps than during a period like this.

------- Forwarded message follows -------
From:                   "Goudeau, Kristin M" <Kristin.Goudeau () PSS Boeing com>
To:                     "'George Bakos'" <gbakos () ists dartmouth edu>
Subject:                RE: logs
Date sent:              Thu, 26 Jul 2001 14:20:30 -0700

We have looked into this and found that no packets from any 
Boeing proxy servers accessed the address space you sent me. As 
far as the code red worm that we have talked about, we run web 
proxy servers not IIS web servers, so our proxies are not 
vulnerable to this worm.  We have seen no evidence of an infected 
machine behind the proxy servers sending packets back out 
through our proxy. It does not work that way. Our conclusion is that 
our address was spoofed.  

If you see any more packets, scans or have additional security 
concerns for Boeing, please send them directly to me and I will 
address them.  

Kris Goudeau :)                             
Incident Detection & Response
Enterprise Computing Security- Intrusion Response
kristin.m.goudeau () boeing com
Phone: 253-657-5691  Pager: 206-797-6112

------- End of forwarded message -------
~~~~~~~~~~~~~~~~~~~~~~~~~
gbakos () ists dartmouth edu

1c1
< $ chown us:us yourbase -R
---
# find / -name your\ base -exec chown us:us -R {} \;


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

