Security Incidents mailing list archives
EarlyBird for Other Attacks?
From: gs-list <gs-list () glsrms com>
Date: Fri, 28 Jun 2002 14:26:30 -0500
Mr. Dyson's Early Bird tool has been a godsend to my web servers - Kudos to him for Early Bird!
Has anybody else developed countermeasure tools to combat the other vulnerability-seeking worms that are out there? For example, I have been seeing between 25 and 50 hits, per server, per day on port 1433. I'd like to start using some countermeasures against these attempts/attacks. Perhaps not malicious countermeasures, but one that would do an ARIN/RIPE WHOIS lookup, and notify the administrator of the IP Netblock of the attack.
Again, I reiterate the point -- Early Bird has been a godsend. I have received a range of responses to Early Bird notifications, including many thank-you messages from sysadmins. It would be nice to combat the other problematic stuff out there.
Thanks, Gregg Sperling sysadmin glsrms.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- EarlyBird for Other Attacks? gs-list (Jun 28)
- Re: EarlyBird for Other Attacks? Jay D. Dyson (Jun 28)
- Re: EarlyBird for Other Attacks? Hugo van der Kooij (Jun 29)