[Dshield] RE: GET /invalidfilename.htm
russ.washington at vaultsentry.com
Tue Jul 2 16:13:54 GMT 2002
Outbound traffic stopped or inbound? One thing to bear in mind is that
Nessus does have some "dangerous plugins" that could cause denial of
service-- maybe one of those tagged your web servers (or maybe they used
what Nessus told it to hack their way in.
I don't think you're being paranoid... I'd just check on any servers that
might have been compromised.
From: Paul Marsh [mailto:pmarsh at nmefdn.org]
Sent: Tuesday, July 02, 2002 9:01 AM
To: 'Dshield (E-mail)
Subject: [Dshield] RE: GET /invalidfilename.htm
Thanx to everyone for the info. It's a little concerning to say the least.
The port scan happened yesterday afternoon and last night for some reason
http/80 traffic stopped. I've checked all my logs and nothing out of the
ordinary and all other traffic was flowing fine but for 2 hours http/80 was
none existent. Maybe I'm just being paranoid but something smells fishy.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the list