Security Incidents mailing list archives

Anyone interested in full tcpdump trace of a Code Red breakin ?


From: Arthur Donkers <arthur () reseau nl>
Date: Thu, 19 Jul 2001 21:21:31 +0200

Hi All,

Only half an hour ago we caught some Code Red worms in our W2K honeypot.
We are analysing the tcpdump trace of the actual breakin, but in the
meantime, anyone interested in these traces (people not supporting full
disclosure could close their eyes or speed read with the 'd' button ...) ?

Arthur Donkers

--
/* Disclaimer :   you hire my skills, not my opinions, those are mine !    */
/* email : arthur () reseau nl    Security    'Me ? I'm not me ! I'm just a   */
/* phone : (+31) 50 549 2701   is not a     computer simulation of me'     */
/* URL http://www.reseau.nl   dirty word      Red Dwarf, First Episode     */


----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

