[Dshield] Anyone else??

TranceDylan trancedylan at blueyonder.co.uk
Tue Jul 2 19:40:48 GMT 2002


d'oh
and
what a lovely {grin}
td

----- Original Message -----
From: "John Hardin" <johnh at aproposretail.com>
To: "DShield mailing list" <list at dshield.org>
Sent: Tuesday, July 02, 2002 4:42 PM
Subject: Re: [Dshield] Anyone else??


> On Tue, 2002-07-02 at 07:31, TranceDylan wrote:
> >
> > It's just a shot in the dark, but have you ruled out someone on the network
> > attaching to "windows update" and then quitting the conn b4 the update has
> > completed?
>
> That wouldn't generate traffic to a local port 80.
>
> > > Is anyone else seeing continuous (non-stop) traffic from 207.46.138.20, it
> > > is hitting our network block and looking for port 80?
> > >
> > > Microsoft (NETBLK-MICROSOFT-GLOBAL-NET)
> > >    One Redmond Way
> > >    Redmond, WA 98052
> > >    US
> > >
> > >    Netname: MICROSOFT-GLOBAL-NET
> > >    Netblock: 207.46.0.0 - 207.46.255.255
>
> Got any packet captures? Save 'em. Good fodder for a news article: "MS
> corporate systems compromised by IIS worm."
>
> {evil grin}
>
> --
> John Hardin                                   <johnh at aproposretail.com>
> Internal Systems Administrator                    voice: (425) 672-1304
> Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
> -----------------------------------------------------------------------
>   Pay Per Boot is the logical goal of Microsoft's Palladium "secure
>   computing" platform.
> -----------------------------------------------------------------------
>  15 days until Apropos Forum 2002
>
>



