Security Incidents mailing list archives
Re: CRv2 multiple scans from same source IP
From: corecode <corecode () corecode ath cx>
Date: Mon, 06 Aug 2001 21:39:36 +0000
At 08:51 PM 8/6/2001, Andy Berkheimer wrote:
>On Mon, 6 Aug 2001, corecode wrote: > >> it could generate the same ip address again in it's PRNG but the chance >> this happening is near 0. > >You're saying that the chance it will try a duplicate IP again later is 0? >Not quite 0... > >My logs also bear out that dupes are common.
ok. thank you for all the emails :)generating the same ip address is of course probable - more probable than with code red. but i was talking about infection attempts following right after each other. this should still be most unlikely. i don't know how one can explain these mass dupes, perhaps a proxy trying to establish a connection, or a NAT'ed network behind?
cheerz corecode ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: CRv2 multiple scans from same source IP, (continued)
- Re: CRv2 multiple scans from same source IP Chris Freeze (Aug 05)
- RE: CRv2 multiple scans from same source IP Gareth Hastings (Aug 06)
- Re: CRv2 multiple scans from same source IP Paul Gear (Aug 06)
- Re: CRv2 multiple scans from same source IP Valdis . Kletnieks (Aug 05)
- RE: CRv2 multiple scans from same source IP robh (Aug 05)
- Re: CRv2 multiple scans from same source IP corecode (Aug 06)
- Re: CRv2 multiple scans from same source IP Lee Smith (Aug 06)
- RE: CRv2 multiple scans from same source IP Andrew Cruse (Aug 06)
- Re: CRv2 multiple scans from same source IP Ryan Russell (Aug 06)
- Re: CRv2 multiple scans from same source IP Andy Berkheimer (Aug 06)
- Re: CRv2 multiple scans from same source IP corecode (Aug 07)
- Re: CRv2 multiple scans from same source IP Lee Smith (Aug 06)
- Re: CRv2 multiple scans from same source IP Bryan Andersen (Aug 06)
- Re: CRv2 multiple scans from same source IP Chris Freeze (Aug 05)
- RE: CRv2 multiple scans from same source IP Tim Hollebeek (Aug 06)
- RE: CRv2 multiple scans from same source IP corecode (Aug 06)