[Dshield] Target list acquisition? Pre-deployment preparation?

Ed Truitt ed.truitt at etee2k.net
Fri Nov 8 17:41:07 GMT 2002


I've seen CR before, and in fact I did have some in the logs.  These probes
aren't part of a CR attempt, they are coming in by themselves (not with any
other requests.)  I was providing them at Johannes' request, I think he is
looking for source IPs for this particular scan activity.

The other one I mentioned was interesting, because apparently they are
looking for a specific type of box (a Sun Cobalt RAQ server appliance), and
I am just curious if anyone knows of an exploit specific to this type of
server.

Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
From: "Jansen, Lise" <Lise.Jansen at qunara.com>
To: <list at dshield.org>
Sent: Friday, November 08, 2002 8:13 AM
Subject: RE: [Dshield] Target list acquisition? Pre-deployment preparation?


> Looks to me that it could be a Code Red attempt; the script.exe attempt
> leads me to believe that it is a Code Red variant of some sort.
>
> You could have a look at the following link; it provides a sample log of a
> Code Red attack.
>
> http://www.bsdhost.net/
>
> Lise J.
>
> -----Original Message-----
> From: Ed Truitt [mailto:ed.truitt at etee2k.net]
> Sent: Friday, November 08, 2002 8:25 AM
> To: list at dshield.org
> Subject: Re: [Dshield] Target list acquisition? Pre-deployment
> preparation?
>
>
> Here are some entries I found:
[snip]



