A few possibilities come to mind:
1. your IP address changed recently (dialup perhaps?)
and the response was intended for the previous owner
of that ip (it is possible that the response is not
realtime, but sent after analyzing the logs periodically)
2. Remote side is scanning, and masking the scan by
making you think that it is a codered response
3. Your machine _is_ scanning, hacked perhaps, or
a legitimate user tried some script (I am sure
there are scripts that exploit the vulnerability
by now)
Can
On 3 Sep 2001 at 18:23, red0x wrote:
> That's the weird thing, I don't have code red, its linux and apache.. so
> wtf?
>
--=< Can Erkin Acar (canacar_at_bigfoot.com) >=--
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Sep 04 2001
Intro
