Snort mailing list archives

Re: Todays Terrorist Attack

From: Gordon Ewasiuk <gewasiuk () gnmc net>
Date: Wed, 12 Sep 2001 11:38:33 -0400 (EDT)

On Yesterday, SecurityGauntlet wrote:

Please place postings on any trends that make you suspicious of  ANY future
Terrorist Attacks to come.


Activity is increasing at this datacenter...

over 3 million individual attacks since 1700hrs EST yesterday (11Sept01).

Profiles include:  Code Red, SMTP probes & overflow attempts
(passing large values during HELO, MAIL FROM, etc.), rpc stuff, as
well as ping sweeps and port scans.

Most of the bad guys are coming from APNIC IP blocks at this time.
Secondary suspects are from RIPE blocks in France as well as cable
modem/DSL block domestically.

-Gordon

--------------------------------------------------
Gordon Ewasiuk, Certifed Sun Fanatic,  Winstar VHC
The REAL office number is here----->  703.893.4901
Tired of BSODs, My Computer, and Code Red?
http://www.sun.com/solaris/binaries/
-------------------------------------------------

 11:30am  up 2 day(s),  1:23,  1 user,  load average: 0.01, 0.06, 0.08



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Todays Terrorist Attack SecurityGauntlet (Sep 11)
- Re: Todays Terrorist Attack Gordon Ewasiuk (Sep 12)
- Message not available
  - Re: Todays Terrorist Attack Wayne T Work (Sep 12)
    - Re: Todays Terrorist Attack Ben N. Venzke (Sep 12)