Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CRv2 multiple scans from same source IP

From: corecode <corecode () corecode ath cx>
Date: Mon, 06 Aug 2001 21:39:36 +0000
At 08:51 PM 8/6/2001, Andy Berkheimer wrote:


>On Mon, 6 Aug 2001, corecode wrote:
>
>> it could generate the same ip address again in it's PRNG but the chance
>> this happening is near 0.
>
>You're saying that the chance it will try a duplicate IP again later is 0?
>Not quite 0...
>
>My logs also bear out that dupes are common.


ok. thank you for all the emails :)
generating the same ip address is of course probable - more probable than with code red. but i was talking about infection attempts following right after each other. this should still be most unlikely. i don't know how one can explain these mass dupes, perhaps a proxy trying to establish a connection, or a NAT'ed network behind? 

cheerz
  corecode


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: