Security Incidents mailing list archives
RE: CRv2 multiple scans from same source IP
From: <robh () forestknoll com>
Date: Mon, 6 Aug 2001 14:00:15 +1000
Just as I was thinking that it may be transparent proxies causing that behaviour I see nine scans coming from the same site in Switzerland in 30 seconds, this site is running the Chinese version. -----Original Message----- From: John Davidson [mailto:jwd_ods () hotmail com] Sent: Monday, 6 August 2001 10:39 AM To: incidents () securityfocus com Subject: CRv2 multiple scans from same source IP My W2k IIS logs show 3 CRv2 scans from the same source IP within the same minute. The IP is outside my Class A address space. From the analysis of CRv2 published at www.eeye.com this should not be possible, or at least the likelihood of such an occurence is much greater than winning a very big lottery... I should maybe buy a ticket! ;-). John Davidson ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- CRv2 multiple scans from same source IP John Davidson (Aug 05)
- Re: CRv2 multiple scans from same source IP Luc Pardon (Aug 05)
- Re: CRv2 multiple scans from same source IP Chris Freeze (Aug 05)
- Re: CRv2 multiple scans from same source IP Chris Freeze (Aug 05)
- RE: CRv2 multiple scans from same source IP Gareth Hastings (Aug 06)
- Re: CRv2 multiple scans from same source IP Paul Gear (Aug 06)
- Re: CRv2 multiple scans from same source IP Valdis . Kletnieks (Aug 05)
- RE: CRv2 multiple scans from same source IP robh (Aug 05)
- Re: CRv2 multiple scans from same source IP corecode (Aug 06)
- Re: CRv2 multiple scans from same source IP Lee Smith (Aug 06)
- RE: CRv2 multiple scans from same source IP Andrew Cruse (Aug 06)
- Re: CRv2 multiple scans from same source IP Ryan Russell (Aug 06)
- Re: CRv2 multiple scans from same source IP Andy Berkheimer (Aug 06)
- Re: CRv2 multiple scans from same source IP corecode (Aug 07)
- Re: CRv2 multiple scans from same source IP Lee Smith (Aug 06)
- Re: CRv2 multiple scans from same source IP Bryan Andersen (Aug 06)
- Re: CRv2 multiple scans from same source IP Luc Pardon (Aug 05)
- <Possible follow-ups>
- RE: CRv2 multiple scans from same source IP Tim Hollebeek (Aug 06)
- RE: CRv2 multiple scans from same source IP corecode (Aug 06)