|
Security Incidents
mailing list archives
Re: [incident] IIS defacement through FTP, possible DoS
From: "Jean-Luc" <Jean-Luc () Cavey org>
Date: Wed, 5 Jun 2002 18:16:05 +0200
Récemment, Iain Craig a écrit :
There was a LOT of those, all very fast like a DoS attempt. Other
usernames I was seeing in a similar DoS fashion from the same time
and IP were Ogpuser () home com, Kgpuser () home com, and Lgpuser () home com
Anyone know of a kiddie tool that uses these names?
Incidentally, from the WHOIS on that IP:
inetnum: 81.64.0.0 - 81.67.255.255
netname: FR-CYBERCABLE-20020103
descr: LYONNAISE COMMUNICATIONS
PROVIDER Local Registry
country: FR
admin-c: LC220-RIPE
tech-c: LC224-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: AS6678-MNT
mnt-routes: AS6678-MNT
changed: hostmaster () ripe net 20020103
changed: hostmaster () ripe net 20020108
source: RIPE
That's not the only IP these DoS-ish requests came from; going
through the others now. Wondering if I'm dealing with two seperate
incidents here, the defacement and a seperate DoS or DDoS.
Any advice or guidance appreciated.
I've the same provider.
I would suggest that you report the incident to him abuse () cybercable fr or
abuse () noos fr (actualy the same provider)
Jean-Luc Cavey
65, bd Brune
75014 Paris, France
+33 (0) 1 45 43 45 62
+33 (0) 6 15 93 77 96
E-Mail : Jean-Luc () Cavey org
ICQ/UIN : 122785712
================================
La presence de ce texte prouve que ce message
electronique a ete verifie par un logiciel anti-virus
à jour au moment de l'envoi.
The presence of this text proves that this e-mail
has been verified by an up-to-date anti-virus
software at the time of the sending.
================================
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
|
Intro
