Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

RE: CodeRed Observations.
From: Christine Kronberg <Christine_Kronberg () genua de>
Date: Fri, 14 Mar 2003 16:38:56 +0100 (CET)
On Thu, 13 Mar 2003, larosa, vjay wrote:


Some of the systems respond to a ping, none respond to
any HTTP requests. It doesn't mean that they are not
firewalled from incoming traffic though.


  I checked the entries in my logs. The only one that
  responded was indeed an IIS. All other IP gave me a
  "connection refused" or a simple timeout.

  With that being said about the non-three-way-handshake
  hits, I wonder if some of the addresses are spoofed;
  coming from a compiled list or something. Except for
  one hit all came from (different) 217.x.y.z addresses.
  Anyone else observed something similar?

  Have fun,

                                                Chris.


-- 
GeNUA mbH



----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]