Security Incidents mailing list archives

RE: .ida Intrusion Attempt

From: "Tulchinskiy, Sasha" <STulchinskiy () aspensys com>
Date: Thu, 19 Jul 2001 14:19:30 -0400

That is not correct (unfortunately).
We have servers attacked with URLs other than www.something...

-----Original Message-----
From: Colby Rice [mailto:crice () 180096hotel com]
Sent: Thursday, July 19, 2001 1:29 PM
Cc: incidents () securityfocus com; focus-ids () securityfocus com
Subject: RE: .ida Intrusion Attempt

Has anyone else noticed that it is only hitting www. servers? or am I
just lucky? I am getting many many attempts but ONLY on my
www.<whatever> servers I DO have servers with port 80 open to the
outside world that ARE NOT getting hit. from everything I have read on
this worm it is picking its IP's at random and if that is the case then
I should have been hit on something OTHER then these (few) www.
servers.. 

(or am I missing something?)

                CR

----------------------------------------------------------------------------

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

Current thread:

RE: .ida Intrusion Attempt Keith.Morgan (Jul 19)
- <Possible follow-ups>
- RE: .ida Intrusion Attempt Tulchinskiy, Sasha (Jul 19)
  - Re: .ida Intrusion Attempt Sebastian Ip (Jul 19)
    - Re: .ida Intrusion Attempt Kheos ml (Jul 19)
- RE: .ida Intrusion Attempt Yom, Francis (Jul 19)
- Re: .ida Intrusion Attempt Dr SuSE (Jul 19)
  - Re: .ida Intrusion Attempt bugtraq (Jul 19)
- RE: .ida Intrusion Attempt Colby Rice (Jul 19)
  - RE: .ida Intrusion Attempt Tim Winders (Jul 19)
- .ida Intrusion Attempt Joe Smith (Jul 19)
  - Re: .ida Intrusion Attempt Martin Roesch (Jul 19)
    - Re: .ida Intrusion Attempt Joe Smith (Jul 19)

(Thread continues...)