Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: CRv2 multiple scans from same source IP

From: <robh () forestknoll com>
Date: Mon, 6 Aug 2001 14:00:15 +1000
Just as I was thinking that it may be transparent proxies causing that
behaviour I see nine scans coming from the same site in Switzerland in 30
seconds, this site is running the Chinese version.

-----Original Message-----
From: John Davidson [mailto:jwd_ods () hotmail com]
Sent: Monday, 6 August 2001 10:39 AM
To: incidents () securityfocus com
Subject: CRv2 multiple scans from same source IP


My W2k IIS logs show 3 CRv2 scans from the same source IP within the same
minute.

The IP is outside my Class A address space. From the analysis of CRv2
published at www.eeye.com this should not be possible, or at least the
likelihood of such an occurence is much greater than winning a very big
lottery... I should maybe buy a ticket! ;-).


John Davidson

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: