Security Incidents: by thread

Re: Proxy Scans to dail up hosts... Dave Mitchell (Nov 30 2001)
Re: Re[2]: Strange Traffic.. Markus Stumpf (Nov 30 2001)
Re: Code Red -- AGAIN?!? Eric Hall (Nov 30 2001)
Re: solaris nscd cores mikeDOTd (Dec 01 2001)
- Re: solaris nscd cores Greg A. Woods (Dec 01 2001)
  - Re: solaris nscd cores Fyodor (Dec 01 2001)
- Re: solaris nscd cores j.e.r.k. ROCKS (Dec 04 2001)
- Re: solaris nscd cores j.e.r.k. ROCKS (Dec 04 2001)
Re: Proxy Scans to dial up hosts... Bill_Royds_at_pch.gc.ca (Nov 30 2001)
RE: Proxy Scans to dial up hosts... Ascent - Compton, Richard (Nov 30 2001)
RE: Strange Web requests. Geoffrey King (Nov 30 2001)
Attacks against SSH? johan.augustsson_at_adm.gu.se (Dec 02 2001)
- Re: Attacks against SSH? Aaron Schultz (Dec 03 2001)
- Re: Attacks against SSH? f.johan.beisser (Dec 03 2001)
  - Re: Attacks against SSH? johan.augustsson_at_adm.gu.se (Dec 03 2001)
    - Re: Attacks against SSH? Jordan K Wiens (Dec 04 2001)
  - Re: Attacks against SSH? Dave Dittrich (Dec 03 2001)
    - Re: Attacks against SSH? Jason Baker (Dec 04 2001)
      - Re: Attacks against SSH? Michal Zalewski (Dec 04 2001)
      - Re: Attacks against SSH? Russell Fulton (Dec 04 2001)
      - Re: Attacks against SSH? Przemyslaw Frasunek (Dec 04 2001)
  - Re: Attacks against SSH? Jason Robertson (Dec 03 2001)
    - Re: Attacks against SSH? f.johan.beisser (Dec 03 2001)
      - SSH1 CRC32 Compensation Attacks Armando B. Ortiz (Dec 09 2001)
      - Re: SSH1 CRC32 Compensation Attacks Andreas Östling (Dec 10 2001)
      - Re: SSH1 CRC32 Compensation Attacks Armando Ortiz (Dec 10 2001)
  - Re: Attacks against SSH? Florian Weimer (Dec 04 2001)
- Re: Attacks against SSH? Armando B. Ortiz (Dec 03 2001)
  - Re: Attacks against SSH? Steven S (Dec 03 2001)
  - Re: Attacks against SSH? Adam Manock (Dec 03 2001)
- Re: Attacks against SSH? Andreas Wiesmann (Dec 03 2001)
- Re: Attacks against SSH? Cy Schubert - ITSD Open Systems Group (Dec 03 2001)
- RE: Attacks against SSH? CHURCH,GENO (Non-HP-USA,ex1) (Dec 04 2001)
- Re: Attacks against SSH? Russell Fulton (Dec 05 2001)
  - Re: Attacks against SSH? David Chin (Dec 05 2001)
- Re: Attacks against SSH? Skip Carter (Dec 05 2001)
- Re: Attacks against SSH? johan.augustsson_at_adm.gu.se (Dec 05 2001)
- Re: Attacks against SSH? Skip Carter (Dec 05 2001)
linux 'zoot' rootkit/DoSkit/etc James W. Abendschan (Dec 03 2001)
- Re: linux 'zoot' rootkit/DoSkit/etc Konrad Rieck (Dec 03 2001)
  - Re: linux 'zoot' rootkit/DoSkit/etc James W. Abendschan (Dec 05 2001)
- Re: linux 'zoot' rootkit/DoSkit/etc Fredrik Ostergren (Dec 04 2001)
- Re: linux 'zoot' rootkit/DoSkit/etc James W. Abendschan (Dec 05 2001)
RE: Code Red -- AGAIN?!? Reeves, Michael (GEAE, Compaq) (Dec 03 2001)
why the nimda upsurge again? Jose Nazario (Dec 03 2001)
- Re: why the nimda upsurge again? Dug Song (Dec 03 2001)
  - Re: why the nimda upsurge again? Jose Nazario (Dec 04 2001)
- RE: why the nimda upsurge again? James (Dec 03 2001)
Network 195.70.202.0/24 is hacker-freindly Pavel Lozhkin (Dec 03 2001)
- RE: Network 195.70.202.0/24 is hacker-freindly Boyan Krosnov (Dec 03 2001)
  - Re: Network 195.70.202.0/24 is hacker-freindly Mike Lewinski (Dec 04 2001)
- Re: Network 195.70.202.0/24 is hacker-freindly Yaakov Yehudi (Dec 03 2001)
- Re: Network 195.70.202.0/24 is hacker-freindly Pavel Lozhkin (Dec 03 2001)
- RE: Network 195.70.202.0/24 is hacker-freindly Justin Silles (Dec 04 2001)
- Re: Network 195.70.202.0/24 is hacker-freindly Nissa Moore - ISSM (Dec 04 2001)
- Re: Network 195.70.202.0/24 is hacker-freindly Thierry Zoller (Dec 05 2001)
Honeynet Research Alliance Lance Spitzner (Dec 03 2001)
New version of SirCam? Joao Gouveia (Dec 04 2001)
- RE: New version of SirCam? hpierce_at_ned.ara.com (Dec 04 2001)
- Re: New version of SirCam? Jay D. Dyson (Dec 04 2001)
- Re: New version of SirCam ===w32Goner Seth Leone (Dec 04 2001)
slowish ssh scan from 149.69.85.65 Russell Fulton (Dec 04 2001)
- Re: slowish ssh scan from 149.69.85.65 Nate Campi (Dec 04 2001)
  - Re: slowish ssh scan from 149.69.85.65 Andreas Östling (Dec 05 2001)
- Re: slowish ssh scan from 149.69.85.65 Glenn Forbes Fleming Larratt (Dec 05 2001)
  - Re: slowish ssh scan from 149.69.85.65 Jim Watt (Dec 05 2001)
RE: New version of SirCam ===w32Goner David Brown (Dec 04 2001)
Gone Worm Andrew Blevins (Dec 05 2001)
- RE: Gone Worm Chris Eidem (Dec 05 2001)
- RE: Gone Worm Michael Garafola (Dec 05 2001)
norton AV host discovery scan Ian Melven (Dec 06 2001)
- Re: norton AV host discovery scan FatFinger (Dec 08 2001)
Port 113 requests? Michael Ward (Dec 06 2001)
- Re: Port 113 requests? Chris Wilkes (Dec 06 2001)
- Re: Port 113 requests? Ryan Russell (Dec 06 2001)
  - Re: Port 113 requests? Helmut Springer (Dec 07 2001)
  - Re: Port 113 requests? Valdis.Kletnieks_at_vt.edu (Dec 07 2001)
    - Re: Port 113 requests? Ryan Russell (Dec 07 2001)
- RE: Port 113 requests? Slighter, Tim (Dec 06 2001)
  - RE: Port 113 requests? Ryan McDonnell (Dec 06 2001)
  - RE: Port 113 requests? Andrew Leonard (Dec 06 2001)
    - RE: Port 113 requests? Todd Suiter (Dec 07 2001)
    - Re: Port 113 requests? Helmut Springer (Dec 07 2001)
  - Re: Port 113 requests? Crist J . Clark (Dec 06 2001)
    - Re: Port 113 requests? Greg A. Woods (Dec 07 2001)
  - Re: Port 113 requests? Paul Cardon (Dec 06 2001)
  - Re: Port 113 requests? Mike Meredith (Dec 07 2001)
  - RE: Port 113 requests? Tony Gale (Dec 07 2001)
  - Re: Port 113 requests? Florian Weimer (Dec 07 2001)
  - Re: Port 113 requests? Alexander Bochmann (Dec 07 2001)
  - Re: Port 113 requests? Patrick Patterson (Dec 07 2001)
  - Re: Port 113 requests? Paul Gear (Dec 07 2001)
    - Thread "Port 113 requests?" Mario van Velzen (Dec 07 2001)
  - Re: Port 113 requests? Valdis.Kletnieks_at_vt.edu (Dec 06 2001)
- RE: Port 113 requests? Chris Keladis (Dec 06 2001)
  - RE: Port 113 requests? Jose Nazario (Dec 07 2001)
    - RE: Port 113 requests? Steve Stearns (Dec 07 2001)
- RE: Port 113 requests? Brian Cervenka (Dec 07 2001)
6112/TCP scans Paul Dokas (Dec 07 2001)
- Re: 6112/TCP scans dewt (Dec 07 2001)
  - Re: 6112/TCP scans Paul Dokas (Dec 11 2001)
    - Re: 6112/TCP scans Neil Long (Dec 11 2001)
      - Re: 6112/TCP scans Paul Dokas (Dec 11 2001)
Anonymous FTP annoyance Bryan Smith (Dec 07 2001)
- Re: Anonymous FTP annoyance James (Dec 08 2001)
- Re: Anonymous FTP annoyance Nick FitzGerald (Dec 09 2001)
- Re: Anonymous FTP annoyance John Sage (Dec 09 2001)
- RE: Anonymous FTP annoyance Bryan Smith (Dec 10 2001)
CodeRed back with with a vengence this month! Russell Fulton (Dec 09 2001)
- Re: CodeRed back with with a vengence this month! Cory McIntire (Dec 10 2001)
  - Re: CodeRed back with with a vengence this month! Ian O'Brien (Dec 10 2001)
- Re: CodeRed back with with a vengence this month! zeno (Dec 10 2001)
Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 09 2001)
- Re: Voluminous SSHd scanning; possible worm activity? Neil Dickey (Dec 10 2001)
  - Re: Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 10 2001)
- RE: Voluminous SSHd scanning; possible worm activity? Schroeder, Eric (Dec 10 2001)
  - RE: Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 10 2001)
  - Re: Voluminous SSHd scanning; possible worm activity? Markus Friedl (Dec 10 2001)
- RE: Voluminous SSHd scanning; possible worm activity? Schroeder, Eric (Dec 10 2001)
  - Re: Voluminous SSHd scanning; possible worm activity? Florian Weimer (Dec 10 2001)
    - Re: Voluminous SSHd scanning; possible worm activity? Markus Friedl (Dec 11 2001)
- Re: Voluminous SSHd scanning; possible worm activity? Armando Ortiz (Dec 10 2001)
- Re: Voluminous SSHd scanning; possible worm activity? Russell Fulton (Dec 10 2001)
- Re: Voluminous SSHd scanning; possible worm activity? Jacek Lipkowski (Dec 11 2001)
- RE: Voluminous SSHd scanning; possible worm activity? Gommers, Joep (Dec 11 2001)
  - RE: Voluminous SSHd scanning; possible worm activity? Damien Miller (Dec 11 2001)
  - RE: Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 11 2001)
    - Re: Voluminous SSHd scanning; possible worm activity? Bertrand Lupart (Dec 12 2001)
      - Re: Voluminous SSHd scanning; possible worm activity? Jonathan Bloomquist (Dec 13 2001)
  - RE: Voluminous SSHd scanning; possible worm activity? jon schatz (Dec 11 2001)
    - Re: Voluminous SSHd scanning; possible worm activity? Markus Friedl (Dec 12 2001)
- RE: Voluminous SSHd scanning; possible worm activity? Gommers, Joep (Dec 12 2001)
- RE: Voluminous SSHd scanning; possible worm activity? Gommers, Joep (Dec 12 2001)
- Re: Voluminous SSHd scanning; possible worm activity? Paul Gear (Dec 13 2001)
  - Re: Voluminous SSHd scanning; possible worm activity? Sam Ferrell (Dec 13 2001)
- Re: Voluminous SSHd scanning; possible worm activity? Glenn Forbes Fleming Larratt (Dec 10 2001)
- Re: Voluminous SSHd scanning; possible worm activity? Clarissa Cook (Dec 17 2001)
Possible DoS Attack? Jonathan A. Zdziarski (Dec 10 2001)
- RE: Possible DoS Attack? Blake R. Swopes (Dec 10 2001)
- Re: Possible DoS Attack? Glenn Forbes Fleming Larratt (Dec 10 2001)
- Re: Possible DoS Attack? Jacques Bourdeau (Dec 10 2001)
- RE: Possible DoS Attack? Jacques Bourdeau (Dec 10 2001)
Distributed Scans? E. Larry Lidz (Dec 10 2001)
Know Your Enemy: Honeynets Lance Spitzner (Dec 11 2001)
Port 111 Traffic Tim Brown (Dec 11 2001)
- Re: Port 111 Traffic Tim Brown (Dec 11 2001)
- RE: Port 111 Traffic Michael Ward (Dec 12 2001)
Internal Machine making many attempts to connect to Internet on 1 37 Seamus Hartmann (Dec 11 2001)
- Re: Internal Machine making many attempts to connect to Internet on 137 Sam Evans (Dec 11 2001)
- RE: Internal Machine making many attempts to connect to Internet on 137 Nick Elliott (Dec 12 2001)
RE: Internal Machine making many attempts to connect to Internet on 137 Jim Harrison (SPG) (Dec 11 2001)
- RE: Internal Machine making many attempts to connect to Internet on 137 Robert Graham (Dec 11 2001)
RE: Internal Machine making many attempts to connect to Internet on 1 37 Portnoy, Gary (Dec 11 2001)
- RE: Internal Machine making many attempts to connect to Internet on 1 37 Seamus Hartmann (Dec 11 2001)
New rootkit? UIA Security (Dec 12 2001)
- Re: New rootkit? Blake Frantz (Dec 12 2001)
RE: Voluminous SSHd scanning; possible worm activity ? Gommers, Joep (Dec 12 2001)
- Re: Voluminous SSHd scanning; possible worm activity ? Steve Wright (Dec 13 2001)
  - Re: Voluminous SSHd scanning; possible worm activity ? Philipp Stucke (Dec 13 2001)
  - Re: Voluminous SSHd scanning; possible worm activity ? Dave Dittrich (Dec 13 2001)
    - Re: Voluminous SSHd scanning; possible worm activity ? Dragos Ruiu (Dec 15 2001)
CodeRed-like FTP worm? Ascent - Compton, Richard (Dec 12 2001)
- Re: CodeRed-like FTP worm? hvdkooij_at_vanderkooij.org (Dec 13 2001)
- Re: CodeRed-like FTP worm? Neil McKellar (Dec 13 2001)
- Re: CodeRed-like FTP worm? H C (Dec 13 2001)
Something new? Todd Dunbebin (Dec 13 2001)
- RE: Something new? Graeme Fowler (Dec 13 2001)
Gokar Worm? Jeremy G Byrne (Dec 12 2001)
- RE: Gokar Worm? Matthew Reams (Dec 13 2001)
- Re: Gokar Worm? Johannes B. Ullrich (Dec 13 2001)
- Re: Gokar Worm? Nick FitzGerald (Dec 13 2001)
SOPHOS REPLY: RE: Gokar Worm? Jagh, Kevin (TGA/MLOL) (Dec 13 2001)
Seen any DDoS coming from 208.184.109.166? mixter_at_2xs.co.il (Dec 14 2001)
CERT CA-2001-034 Mike Friedberg (Dec 14 2001)
Weird Scan centipede (Dec 16 2001)
FTP scans from wanadoo.fr Aaron Wolfe (Dec 17 2001)
- Re: FTP scans from wanadoo.fr Paul Asadoorian (Dec 17 2001)
  - Re: FTP scans from wanadoo.fr Todd Suiter (Dec 17 2001)
    - RE: FTP scans from wanadoo.fr Rick Darsey (Dec 17 2001)
    - Re: FTP scans from wanadoo.fr Glenn Forbes Fleming Larratt (Dec 17 2001)
- Re: FTP scans from wanadoo.fr Todd Suiter (Dec 17 2001)
- Re: FTP scans from wanadoo.fr Mike V (Dec 17 2001)
- Re: FTP scans from wanadoo.fr Jose Nazario (Dec 17 2001)
- Re: FTP scans from wanadoo.fr Sébastien Vaast (Dec 17 2001)
- RE: FTP scans from wanadoo.fr SunTrix Com Management (Dec 17 2001)
- Re: FTP scans from wanadoo.fr russell (Dec 17 2001)
  - Re: FTP scans from wanadoo.fr Steve (Dec 17 2001)
- Re: FTP scans from wanadoo.fr loon (Dec 17 2001)
  - Re: FTP scans from wanadoo.fr Phil (Dec 17 2001)
  - Re: FTP scans from wanadoo.fr Replugge [Rod] (Dec 17 2001)
- Re: FTP scans from wanadoo.fr dr john halewood (Dec 18 2001)
  - Re: FTP scans from wanadoo.fr Alexandre Pinto (Dec 18 2001)
  - Re: FTP scans from wanadoo.fr - MOre info Replugge [Rod] (Dec 18 2001)
    - Re: FTP scans from wanadoo.fr - MOre info Pieter-Bas IJdens (Dec 19 2001)
- Re: FTP scans from wanadoo.fr Emil Popov (Dec 20 2001)
Re: MSIE may download and run progams automatically Seth Leone (Dec 17 2001)
SSH Attempts: Link to RedHat? Gregg Sperling (Dec 17 2001)
- Re: SSH Attempts: Link to RedHat? John Oliver (Dec 17 2001)
- Re: SSH Attempts: Link to RedHat? jon schatz (Dec 17 2001)
  - Re: SSH Attempts: Link to RedHat? Dave Dittrich (Dec 18 2001)
    - Re: SSH Attempts: Link to RedHat? Holger van Lengerich (paderLinx GmbH) (Dec 18 2001)
- RE: SSH Attempts: Link to RedHat? Montz, James C. (James Tower) (Dec 18 2001)
- Re: SSH Attempts: Link to RedHat? Rodrigo Barbosa (Dec 19 2001)
FTP scans from wanadoo.fr Gray, Patrick (ISS Atlanta) (Dec 17 2001)
- RE: FTP scans from wanadoo.fr Barber, Chris (Dec 18 2001)
- Re: FTP scans from wanadoo.fr Dave Morris (Dec 19 2001)
a BIG Thank-You! Gregg Sperling (Dec 17 2001)
wanadoo.fr's ip blocks Aaron Wolfe (Dec 17 2001)
- Re: wanadoo.fr's ip blocks Erik Fichtner (Dec 18 2001)
Re: UDP DoS attack in Win2k via IKE Dan Irwin (Dec 18 2001)
*MAJOR SECURITY BREACH AT CCBILL** Dayne Jordan (Dec 19 2001)
- Re: *MAJOR SECURITY BREACH AT CCBILL** H C (Dec 19 2001)
  - Re: *MAJOR SECURITY BREACH AT CCBILL** Dayne Jordan (Dec 19 2001)
    - Re: *MAJOR SECURITY BREACH AT CCBILL** l0rtamus Prime (Dec 19 2001)
      - Re: *MAJOR SECURITY BREACH AT CCBILL** Robert van der Meulen (Dec 19 2001)
- RE: *MAJOR SECURITY BREACH AT CCBILL** NESTING, DAVID M (SBCSI) (Dec 19 2001)
  - Re: *MAJOR SECURITY BREACH AT CCBILL** Dayne Jordan (Dec 19 2001)
  - Re: *MAJOR SECURITY BREACH AT CCBILL** Dayne Jordan (Dec 19 2001)
    - RE: *MAJOR SECURITY BREACH AT CCBILL** robh_at_forestknoll.com (Dec 19 2001)
      - RE: *MAJOR SECURITY BREACH AT CCBILL** jlewis_at_lewis.org (Dec 20 2001)
- RE: *MAJOR SECURITY BREACH AT CCBILL** Rick Darsey (Dec 19 2001)
  - Contacting t-dialin {MAJOR SECURITY BREACH AT CCBILL} Christian Vogel (Dec 20 2001)
    - Re: Contacting t-dialin {MAJOR SECURITY BREACH AT CCBILL} Damir Rajnovic (Dec 21 2001)
- Re: *MAJOR SECURITY BREACH AT CCBILL** Dayne Jordan (Dec 20 2001)
- RE: *MAJOR SECURITY BREACH AT CCBILL** Sparro, Dave (Dec 21 2001)
- Re: *MAJOR SECURITY BREACH AT CCBILL** Matthew S. Hallacy (Dec 24 2001)
NT Compromise Eric Hines (Dec 19 2001)
- RE: NT Compromise Jignesh Pathak (Dec 19 2001)
  - RE: NT Compromise Matthew Leeds (Dec 19 2001)
- Re: NT Compromise Nexus (Dec 19 2001)
- Re: NT Compromise H C (Dec 20 2001)
- Re: NT Compromise Paulo Braga (Dec 20 2001)
NT Compromise MALIN, ALEX (PB) (Dec 19 2001)
- Re: NT Compromise Christine Merey (Dec 19 2001)
Newest Nimda variant? Scanning ftp,telnet,smtp,snmp? Glenn Forbes Fleming Larratt (Dec 19 2001)
- Re: Newest Nimda variant? Scanning ftp,telnet,smtp,snmp? H C (Dec 20 2001)
- RE: Newest Nimda variant? Scanning ftp,telnet,smtp,snmp? Tony Langdon (Dec 20 2001)
sshd brake-in attempts Emil Popov (Dec 20 2001)
- Re: sshd brake-in attempts Markus Friedl (Dec 20 2001)
DDoS Attacks to several Networks (Switzerland) michi_at_digicomp.ch (Dec 20 2001)
- RE: DDoS Attacks to several Networks (Switzerland) List-Collector (Dec 20 2001)
some "scanned with SSH-1.0-SSH_Version_Mapper. Don't panic." in syslog Steffen Dettmer (Dec 22 2001)
- Re: some "scanned with SSH-1.0-SSH_Version_Mapper. Don't panic." in syslog Sebastian Jaenicke (Dec 23 2001)
- Re: some "scanned with SSH-1.0-SSH_Version_Mapper. Don't panic." in syslog Matthew D. Close (Dec 23 2001)
  - Re: some "scanned with SSH-1.0-SSH_Version_Mapper. Don't panic." in syslog Jose Nazario (Dec 27 2001)
NT Compromise -- UPDATE (UDP Flood SRC=53) Loki (Dec 24 2001)
- Re: NT Compromise -- UPDATE (UDP Flood SRC=53) Mike Lewinski (Dec 24 2001)
SNMP scans, DoS and a VIP crash Kneppers (Dec 24 2001)
- RE: SNMP scans, DoS and a VIP crash Tyrannis Von Nettesheim (Dec 26 2001)
NT Compromise -- Update -- SRC PORT: 53 traffic Loki (Dec 24 2001)
- RE: NT Compromise -- Update -- SRC PORT: 53 traffic Bill Royds (Dec 24 2001)
  - RE: NT Compromise -- Update -- SRC PORT: 53 traffic Alvin Oga (Dec 25 2001)
- Re: NT Compromise -- Update -- SRC PORT: 53 traffic Joep Gommers (Dec 25 2001)
Request For Hack ! Nexus (Dec 24 2001)
- Re: Request For Hack ! stefmit_at_starband.net (Dec 25 2001)
- RE: Request For Hack ! Eric Parent (Dec 26 2001)
- RE: Request For Hack ! Omar Koudsi (Dec 26 2001)
- RE: Request For Hack ! Chad Cyrisse (Dec 27 2001)
RST.b Ryan Russell (Dec 27 2001)
port 9274? John Kinsella (Dec 28 2001)
- RE: port 9274? Royans Tharakan (Dec 28 2001)
Microsoft's Early Xmas Present. Jay D. Dyson (Dec 28 2001)
- Re: Microsoft's Early Xmas Present. mcoleman (Dec 29 2001)
  - Re: Microsoft's Early Xmas Present. Jay D. Dyson (Dec 29 2001)
  - Re: Microsoft's Early Xmas Present. Valdis.Kletnieks_at_vt.edu (Dec 31 2001)
- Re: Microsoft's Early Xmas Present. Ryan Russell (Dec 29 2001)
Possible ICMP DOS spoofed to Nameservers? Richard Gilman (Dec 30 2001)
- Re: Possible ICMP DOS spoofed to Nameservers? Ryan Russell (Dec 30 2001)
- Re: Possible ICMP DOS spoofed to Nameservers? Gary Losito (Dec 31 2001)
port 6699 scans Brad (Dec 30 2001)
- Re: port 6699 scans David Correa (Dec 30 2001)