[unisog] Coordinated Scan

Tracey Losco tal1 at its.nyu.edu
Fri Mar 22 03:07:37 GMT 2002

Hey there, Anderson,

Unfortunately, we've been able to confirm the coordination...I've 
already gotten responses back from the administrators with 
confirmation that their machines were compromised. :-(

I tend to agree with Morrow on the possibility that some new type of 
exploit could have been released...but the scanning on port 1025 and 
the coordination "rings a bell" with me but I can't remember the 
details or specifics of the incident...

Must be that I'm getting old and losing my memory...8-\

Thanks for the input.



At 5:04 PM -0500 3/21/2002, Anderson Johnston wrote:
>We've seen these before (though not this morning).  It's often hard to
>tell a coordinated scan from a single scanner rotating a spoofed IP
>address (unless you know that at least one of the IPs lives in an
>egress filter policy that would stop at least one of the other IPs).

Tracey Losco
Network Security Analyst		security at nyu.edu
ITS - Network Services			http://www.nyu.edu/its/security
New York University			(212) 998 - 3433

PGP Fingerprint: 8FFB FE47 6156 7BF0  B19E 462B 9DFE 51F5
