[Dshield] RE: list Digest, Vol 3, Issue 19

William Sipila william at osource.com
Fri Mar 21 18:45:36 GMT 2003


yesterday i saw a scan for:

OPTIONS * 

across every webserver that i control across 2 different ISPs; on pacbell
(64.174.x.x) and verio (206.54.x.x).  they were about 12 hours apart, so my
assumption is they ran a sequential scan across several major ISPs --- from
the same IP even.  *sigh*

i didn't get a packet capture of it, so i don't know if there was an
overflow payload, but i will be watching for more...

	- will

--\/------------------------------------------------------------ 
    Developer/SysAdmin, OUTSOURCE Consulting Services, Inc. 
    william at osource.com | www.osource.com 
--/\------------------ 

 

> -----Original Message-----
> From: list-request at dshield.org [mailto:list-request at dshield.org]
> Sent: Tuesday, March 18, 2003 09:06 AM
> To: list at dshield.org
> Subject: list Digest, Vol 3, Issue 19
>
> Date: Mon, 17 Mar 2003 16:19:19 -0500
> From: "Paul Marsh" <pmarsh at nmefdn.org>
> To: "General DShield Discussion List" <list at dshield.org>
> Subject: RE: [Dshield] new IIS / Win2K patch! critical
> Message-ID: 
> <F2FDBA643DDC8941B74487E1559C01E40EAA42 at banana-jr-6k.nmefdn.org>
> Content-Type: text/plain;
> 	charset="iso-8859-1"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 8bit
> Precedence: list
> Reply-To: General DShield Discussion List <list at dshield.org>
> Message: 4
> 
> Has any one seen any attempted exploits or scans for the 
> vulnerability?  I'd like to identify it's signature.
> 
> Thanx, Paul



More information about the list mailing list