[Dshield] Target list acquisition? Pre-deployment preparation?
ed.truitt at etee2k.net
Fri Nov 8 17:41:07 GMT 2002
I've seen CR before, and in fact I did have some in the logs. These probes
aren't part of a CR attempt, they are coming in by themselves (not with any
other requests.) I was providing them at Johannes' request, I think he is
looking for source IPs for this particular scan activity.
The other one I mentioned was interesting, because apparently they are
looking for a specific type of box (a Sun Cobalt RAQ server appliance), and
I am just curious if anyone knows of an exploit specific to this type of
PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
"Note to spammers: my 'delete' key is connected to YOUR ISP.
Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."
----- Original Message -----
From: "Jansen, Lise" <Lise.Jansen at qunara.com>
To: <list at dshield.org>
Sent: Friday, November 08, 2002 8:13 AM
Subject: RE: [Dshield] Target list acquisition? Pre-deployment preparation?
> Looks to me that it could be a Code Red attemp, the script.exe attemp let
me believe that it is a code red variant of some sort.
> You could have a look at the following link, it provides a sample log of a
code red attack.
> Lise J.
> -----Original Message-----
> From: Ed Truitt [mailto:ed.truitt at etee2k.net]
> Sent: Friday, November 08, 2002 8:25 AM
> To: list at dshield.org
> Subject: Re: [Dshield] Target list acquisition? Pre-deployment
> Here are some entries I found:
More information about the list