intrusions.lists.dshield.org
Subscription Options
- RSS or Atom: Read-only subscription using a browser or aggregator. This is the recommended way if you don't need to send messages to the list. You can learn more about feed syndication and clients here.
- Conventional: All messages are delivered to your mail address, and you can reply. To subscribe, send an email to the list's subscribe (we seem to have lost it) address with "subscribe" in the subject line.
- This list contains about 969 messages, beginning Apr 2004
- This list doesn't seem to be active
Recent threads
Jeff.Arey at telos.com — 1135095651 — 20 Dec 2005
I am a newbie to the list, so pardon my question if it's been posted before. While monitoring my perimeter/border router Snort logs, I have notic...
stcarey at juno.com — 1134484220 — 13 Dec 2005
An embedded and charset-unspecified text was scrubbed... Name: not available Url: http://lists.sans.org/pipermail/intrusions/at......
Skorupka, Clem — 1134081696 — 08 Dec 2005
A new trend? http://cgi.ebay.com/Brand-new-Microsoft-Excel... 03336538QQcategoryZ106276QQssPageNameZWDVWQQrdZ1QQcmdZViewItem...
ocelot — 1125425193 — 30 Aug 2005
I have been noticing most of my attacks come from the Yahoo messenger Christian Chat; I have changed my name several times trying to avoid, although zon...
Smith, Donald — 1125421566 — 30 Aug 2005
While some "attacks" have been seen coming from other countries, Asia does seem to be the largest contributor by FAR (east:). Donald.Smith at...
Luc Pauwels — 1125416822 — 30 Aug 2005*
Just wondering... I've noticed that the majority of SSH brute force attacks on our systems seem to originate from Asia (India, China, Korea). Is ...
Roger A. Grimes — 1125174152 — 27 Aug 2005
--See below. --Sorry for the late reply, I've been transversing countries a lot these days. -Original Message- From: Roger A. Grimes [mailto:intr...
Evans, Arian — 1125068009 — 26 Aug 2005
<inline>[...]Starting with Win2k3/IIS 6.0, Microsoft moved the http parser into the kernel for performance. HTTP would be pre-parsed, so auth li...
Paul Schmehl — 1125007782 — 25 Aug 2005*
We had a really strange attack the other day, and I'm wondering if anyone else might have seen something similar. The attack originated in a clas...
Evans, Arian — 1124996080 — 25 Aug 2005
> sure... That's not entirely correct. It depends entirely on *where* the overflow is. Most of IIS's overflows have been in add-on compon...
Evans, Arian — 1124986135 — 25 Aug 2005
Those look like stock Nikto checks (which is also what Nessus uses for "web app testing"). It's probably throwing a directory traversal...
Stephen Shepherd — 1124982954 — 25 Aug 2005
This particular installation is IIS6. I agree that auth would not limit the exploit of other services. Assuming anonymous access is not allowed and th...
Bob Auger — 1124981995 — 25 Aug 2005
There have been many instances of overflows/other security issues happening before the authentication state. Implementing authentication on IIS *might...
Stephen Shepherd — 1124981828 — 25 Aug 2005*
If IIS authentication were enabled on a web server would it prevent buffer overflow attacks unless the attacker had valid credentials. I would think th...
Roger A. Grimes — 1124956817 — 25 Aug 2005
[Note: I'm far from an IIS security expert] There are many other issues that the different forms of authentication can address or risks that can ...
Mark McDonagh — 1124881050 — 24 Aug 2005
Hi, I have just noticed a lot of machines connecting to an irc server zomb.hopto.org, It's probably the C&C server for a botnet, Has anyone else se...
Walzer, Jeff — 1123769301 — 11 Aug 2005
Our SMTP relay server is being tagged by our IDS with the TCP SYN Host Sweep on Same Dest Port alert. Here is the raw message: xxx.xxx.xxx.xxx/3307 --...
Walzer, Jeff — 1123768973 — 11 Aug 2005
I am using the Mars appliance from Cisco (formerly Protego) for log consolidation and one thing I've noticed as of late is that an alert is gener...
man at tfhs.net — 1123074433 — 03 Aug 2005*
I have 3 boxes on same subnet on internet. Each box is probed a couple times per day on a single port from 2 or 3 machines. The interesting thing is t...
GeeEm — 1123003404 — 02 Aug 2005*
Hi Everyone, I have some questions about the procedures to follow in the aftermath of a phishing attack on a website. The situation is complicated by ...