15 minutes? Wow, you live on a slow netblock ;)

You are probably seeing remnants of Nimda, and CodeRed. If you set something listening on port 137, you'll also notice a metric arseload of blaster and variants attacking.

All they care is that you have an open port. You are fair game. :)

If you enjoy snort and have a MySQL/PHP box to play with, perhaps you can set up ACID (http://acidlab.sourceforge.net/), which is a fantastic frontend to snort.

~Ben

--
 /"\  Ben Jackson
 \ /  bbj <at> innismir.net - http://www.innismir.net/
  X   Member of the ASCII Ribbon Campaign Against HTML Mail
 / \

On Fri, 10 Sep 2004, Eric wrote:

> I just turned on snort for the first time. It's so
> cool... Within fifteen minutes I got something to
> see.
>
> Log
> Date: 09/10 04:46:01 Name: WEB-IIS ISAPI .ida attempt
> Priority: 1 Type: Web Application Attack
> IP info: 24.43.216.154:3351 -> 24.60.178.249:80
> References: 1 2 3
> Date: 09/10 04:46:01 Name: WEB-IIS cmd.exe access
> Priority: 1 Type: Web Application Attack
> IP info: 24.43.216.154:3351 -> 24.60.178.249:80
> References: none found
> Date: 09/10 04:59:51 Name: WEB-IIS ISAPI .ida attempt
> Priority: 1 Type: Web Application Attack
> IP info: 24.60.228.112:4462 -> 24.60.178.249:80
> References: 1 2 3
> Date: 09/10 04:59:51 Name: WEB-IIS cmd.exe access
> Priority: 1 Type: Web Application Attack
> IP info: 24.60.228.112:4462 -> 24.60.178.249:80
> References: none found
>
> New stuff to check out! But why would someone do
> that? I'm obviously not using windows... Is this
> automated? And do you guys see this stuff constantly?
>
> =====
> D. Eric Chadbourne
> http://caffeinated.homelinux.net/
> "Shadowman doesn't know what the heck
> you just said, but you moved him."
> - Shadowman.