[Dshield] Linux Exploit Search

craig@xeriom.net craig at xeriom.net
Wed Nov 9 12:09:26 GMT 2005


On Tue, 8 Nov 2005 23:59:11 -0500, Ian Scott <ian at pairowoodies.com> wrote:
> On November 8, 2005 09:11 pm, David Cary Hart wrote:
>> What's particularly troubling here is that there are three different
>> clients following the exact same pattern.
> <snip>
> 
> Looks like an automated scan looking for vulnerable applications. Possibly
> someone using Nexus?

It could be the an XML-RPC worm like the one reported yesterday at
http://isc.sans.org/diary.php?storyid=829

Craig



More information about the list mailing list