Security Incidents mailing list archives
RE: .ida Intrusion Attempt
From: "Keith.Morgan" <Keith.Morgan () Terradon com>
Date: Thu, 19 Jul 2001 13:58:25 -0400
We are seeing the probes being directed to *any* server, at random, regardless of thier DNS name. A side note, we've seen a 2000% increase in the past four hours of probes for the IDA vulnerability. All of them that I have investigated have had identical signatures, and appear to be actions of the "code red" worm.
-----Original Message----- From: Colby Rice [mailto:crice () 180096hotel com] Sent: Thursday, July 19, 2001 1:29 PM Cc: incidents () securityfocus com; focus-ids () securityfocus com Subject: RE: .ida Intrusion Attempt Has anyone else noticed that it is only hitting www. servers? or am I just lucky? I am getting many many attempts but ONLY on my www.<whatever> servers I DO have servers with port 80 open to the outside world that ARE NOT getting hit. from everything I have read on this worm it is picking its IP's at random and if that is the case then I should have been hit on something OTHER then these (few) www. servers.. (or am I missing something?) CR
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: .ida Intrusion Attempt Keith.Morgan (Jul 19)
- <Possible follow-ups>
- RE: .ida Intrusion Attempt Tulchinskiy, Sasha (Jul 19)
- Re: .ida Intrusion Attempt Sebastian Ip (Jul 19)
- Re: .ida Intrusion Attempt Kheos ml (Jul 19)
- Re: .ida Intrusion Attempt Sebastian Ip (Jul 19)
- RE: .ida Intrusion Attempt Yom, Francis (Jul 19)
- Re: .ida Intrusion Attempt Dr SuSE (Jul 19)
- Re: .ida Intrusion Attempt bugtraq (Jul 19)
- RE: .ida Intrusion Attempt Colby Rice (Jul 19)
- RE: .ida Intrusion Attempt Tim Winders (Jul 19)
- .ida Intrusion Attempt Joe Smith (Jul 19)
- Re: .ida Intrusion Attempt Martin Roesch (Jul 19)
(Thread continues...)