|
Security Incidents
mailing list archives
Re: [Whitehat] BIND scan from Wanadoo.fr
From: David Höhn <dh () uptime at>
Date: Fri, 16 Aug 2002 18:21:43 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Am 16.08.2002 2:23 Uhr schrieb "Gary Baribault" unter <gary () baribault net>:
I am used to seeing those idiots scanning for FTP and I have them all
blocked in and out with out logged .. Recently I say a big jump in OUTPUT
REJECTs and when I investigated I found 62.155/11 scanning for BIND .. I
also recently noticed them scanning for HTTP. Anyone seen this as well?
I am not observing any bind scans from that subnet, but I am seeing a lot
of IIS script exploit attemtps and PHP content disposition exploit
attemtpos from wanadoo in their 80.8.5* range. Is that something you
mighthave noticed as well?
- -- "Hell, there are no rules here-- we're trying to accomplish something."
- -- Thomas Alva Edison
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (Darwin)
iD8DBQE9XSaVzaw9WRklNbkRA9RpAKCi3qtZo2ynMghKXpB6AczI05RvhwCeLnaD
z5JpmczP1+W4ZYkjXrYV5k8=
=rn3k
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
| 
Intro
