[Dshield] [willis@cs.tamu.edu: contact]

Dave Duchscher daved at tamu.edu
Thu Jul 19 15:34:33 GMT 2001

We have a question.  The message below was sent to
David-K-Hess at TAMU.EDU address.  This person no longer works for the
university and I would like to know where you picked up this address.
We have been trying to get all the records updated and moved over to a
role accounts but this address seems viral in nature and just doesn't
want to die.  If you can help me, I would be very grateful.



Date: Thu, 19 Jul 2001 03:41:02 -0400
Message-Id: <200107190741.f6J7f2b23291 at dshield.org>
To: David-K-Hess at TAMU.EDU
From: FB_12754 at dshield.org
Reply-To: FB_12754 at dshield.org
Subject: DShield Fightback regarding


   A user of DShield.org, the Distributed Intrusion Detection System, 
 submitted a log excerpt which indicates a probe from one of your users.
 Please notify the user and take appropriate actions to avoid further problems.

   Source IP: (port: 1549)
   Target IP: 80)
   Protocol: 6 (Flags:  ) 
   Time: 2001-07-17 23:02:41 (GMT)


NOTE: This message indicates a scan of port 80. Many sysadmins disregard
      this as regular web access. However, we find that a lot of these
      reports are caused by the recent "IIS Red Alert IDA" worm.
      Please see the bottom part of http://www.dshield.org for details.

   Original Log as submitted:

     2001-07-17 19:02:41 -4:00 -  - 1 - - 1549 - - 80 - TCP -    

   A total of 14 records in dshield's database implicate
   this IP address. These records show attacks against 14 unique
   targets. This report includes one sample of these records.

   This report was submitted to Dshield.org by KEICHMAN at CAS.ORG  

   For more information about DShield see http://www.dshield.org
   Please let us know if you would not like any further notices from DShield.org
   or if you would prefer a different format.


        fightback at dshield.org

More information about the list mailing list