[Dshield] RE: GET /invalidfilename.htm

Russell Washington russ.washington at vaultsentry.com
Tue Jul 2 16:13:54 GMT 2002


Outbound traffic stopped or inbound?  One thing to bear in mind is that
Nessus does have some "dangerous plugins" that could cause denial of
service-- maybe one of those tagged your web servers (or maybe they used
what Nessus told it to hack their way in.
 
I don't think you're being paranoid... I'd just check on any servers that
might have been compromised.

-----Original Message-----
From: Paul Marsh [mailto:pmarsh at nmefdn.org] 
Sent: Tuesday, July 02, 2002 9:01 AM
To: 'Dshield (E-mail)
Subject: [Dshield] RE: GET /invalidfilename.htm



Thanx to everyone for the info.  It's a little concerning to say the least.
The port scan happened yesterday afternoon and last night for some reason
http/80 traffic stopped.  I've checked all my logs and nothing out of the
ordinary and all other traffic was flowing fine but for 2 hours http/80 was
none existent.  Maybe I'm just being paranoid but something smells fishy.

Thanx, Paul 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/list/attachments/20020702/43caf6cd/attachment.htm


More information about the list mailing list