Snort mailing list archives
Nice formmail.pl probes
From: Jim Forster <jforster () rapidnet com>
Date: Thu, 28 Feb 2002 10:12:15 -0700
Anyone else seeing a formmail.pl search script running around your websites? I was hit with it from users of pacbell.net, kscable.com, BFLO.splitrock.net, shreveport.la.da.uu.net, and tc.ph.cox.net last night, over 3 different class C's. The subject was either "w00t x.com" or "www.x.com" (x being the domain it hit) going out to their addresses. (nice their script left me contact info anyway) ;) I'm guesing worm, as 90% of the 'send to' addresses were the same AOL user - the other 10% were other AOL usernames. (well, and one epimp.com address) -------------------------------------------------------------------- Sleep: A completely inadequate substitute for caffeine. Jim Forster, jforster () rapidnet com on 02/28/2002 Network Administrator RapidNet, A Golden West Company _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Nice formmail.pl probes Jim Forster (Feb 28)
- Re: Nice formmail.pl probes Chris Green (Feb 28)
- Re: Nice formmail.pl probes Todd (Feb 28)
- Re: Nice formmail.pl probes Todd (Feb 28)
- Nice formmail.pl probes Jim Forster (Feb 28)
- Re: Nice formmail.pl probes Todd (Feb 28)
- Re: Nice formmail.pl probes Todd (Feb 28)
- Re: Nice formmail.pl probes Chris Green (Feb 28)