mail archive intrusions.lists.dshield.org
(List home) (Recent threads) (2 other DShield lists)
Subscription Options
- RSS or Atom: Read-only subscription using a browser or aggregator. This is the recommended way if you don't need to send messages to the list. You can learn more about feed syndication and clients here.
- Conventional: All messages are delivered to your mail address, and you can reply. To subscribe, send an email to the list's subscribe (we seem to have lost it) address with "subscribe" in the subject line.
- This list contains about 969 messages, beginning Apr 2004
- This list doesn't seem to be active
intrusions.lists.dshield.org
July 2004 - page 1
Ken.Connelly at uni.edu — 108870886501 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
jscott at rolenstarsupply.com — 108872248801 Jul 2004
Network Detect 2: Proxy scan Jun 20 00:00:00 tcp 216.232.9.229(1422) xxx.xxx.xxx.231(3127), denied Jun 20 00:00:06 tcp 220.99.138.166(4867) xxx.xxx.xx...
Smith, Donald — 108878011602 Jul 2004
Donald.Smith at qwest.com GCIA I reserve the right to be wrong but don't exercise it too often.Not very much detail. It makes it harder later to ...
Ken.Connelly at uni.edu — 108878212002 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Ken.Connelly at uni.edu — 108888095403 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Ken.Connelly at uni.edu — 108897962904 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Hack Able — 108900430605 Jul 2004
Hello, SnortSnarf gives me: "unknown alert format for line" for every line it sees in a snort log (fast, full, verbose, it doesn't matt...
Ken.Connelly at uni.edu — 108904523905 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Ken.Connelly at uni.edu — 108913075406 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Sean Rooney — 108914754406 Jul 2004
We are seeing what looks like a Sasser worm (exploits port 445 netbios defects on Windows to set up shop and reproduce) but some of the origins are ac...
Ken.Connelly at uni.edu — 108919948807 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Ken.Connelly at uni.edu — 108928986608 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Ken.Connelly at uni.edu — 108937717309 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Lindsay van Eden — 108938194809 Jul 2004
Network Detect 1 - TCP Destination Port 0 [**] [1:524:7] BAD-TRAFFIC tcp port 0 traffic [**] [Classification: Misc activity] [Priority: 3] 07/16-19:11...
Kenworthy, Thomas E. (CIV — 108938197709 Jul 2004
The log on the PIX firewall is being flooded with these errors. (see below) What is odd is that every day the network and broadcast addresses change, ...
Phil Brossman — 108947370110 Jul 2004
Tom, I noticed something similar in my PIX log the other day. Take a look at it will you: 07-10-2004 11:31:26 Local5.Error 172.16.1.12 %PIX-3-305005: ...
Ken.Connelly at uni.edu — 108947735110 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Ken.Connelly at uni.edu — 108954834011 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Vilaiporn Taweelappontong — 108955383411 Jul 2004*
Dear all This is a second attempt to post the assignment. I would really appreciate if someone could give me comments on my analysis. Thank you very m...
Need help to identify a trojan (3 Replies)
Maxime Ducharme — 108958283411 Jul 2004*
Hi to the list, one of our customer's servers have been compromised and I'd need help to identify trojan used. Here is the server's set...
Breault.SM at forces.gc.ca — 108958465211 Jul 2004
Hi hope this helps, >cut from your detect 3. Probability the source address was spoofed HTTP session requires a complete 3-way handshake. This pack...
Ken.Connelly at uni.edu — 108963441112 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Eric Beaudoin — 108964746612 Jul 2004
Try <http://secunia.com/domino>. That should get you started (for the past vulnerabilities part). Hope that helps. ?ric Beaudoin Senior Advisor,...
Mohan Chirumamilla — 108966379312 Jul 2004
Please ignore my comments if you think that I am wrong. - Original Message - From: Mohan Chirumamilla To: Sent: Saturday, July 10, 2004 9:30 PM Subjec...
Mohan Chirumamilla — 108966403712 Jul 2004
is > '90' (NOP bytes usually used by shellcode) which seemsWhat makes you think that the attacker did not craft his packets with these ...
Ken.Connelly at uni.edu — 108972753213 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Barnett, Ryan C. (EDS — 108973772713 Jul 2004
Greetings All, I am submitting this information as part of the GCIA Practical Assignment. For my practical, I received authorization to use the data t...
Distributed scan (2 Replies)
sekure — 108974652913 Jul 2004*
Looking over some log files, check out this distributed scan i got hit with over the weekend. Snort caught most of it, the rest i had to fish out of h...
Ken.Connelly at uni.edu — 108984043614 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
lola marais — 108984345914 Jul 2004
hi lindsay, what can be said about the time, seq numbers and the TTL (use the -vv option) of these packets? what do we know about the default source p...
Ken.Connelly at uni.edu — 108989772015 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Ken.Connelly at uni.edu — 108998101416 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Benjamin Fabian — 109010033917 Jul 2004
Hi all, this is the sketch of my GIAC detect from http://isc.sans.org/logs/Raw/. Comments and feedback highly appreciated; be kind ;-) Best regards, B...
Ken.Connelly at uni.edu — 109019163218 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
sekure — 109024315619 Jul 2004
I am registering a significant uptick in 135/tcp SYNs. This started over the weekend and is continuing steadily. Is anyone else noticing this? Which o...
Ken.Connelly at uni.edu — 109024504319 Jul 2004*
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
1a2ksu at comcast.net — 109026261619 Jul 2004*
Source of Trace: Incidents.org The files that were analyzed and which the relevant portions of which are excerpted below were generated by loading the...
Ken.Connelly at uni.edu — 109028456520 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Stef — 109033160620 Jul 2004*
As I do not deem possible (for the foreseeable future) to obtain any financial relief for travelling to a SANS conference, I was looking into getting ...
Rick.Wanner at sasktel.sk.ca — 109033352320 Jul 2004
I too am a Local Mentor for Track 2 (GCFW) and will probably be doing a Track 1 (GSEC) in the fall as well. Altogether I have mentored three sessions,...
Niem, Tu C — 109033536820 Jul 2004
The SANS Local Mentor Program really does a good job at reinforcing the course material and saving the student/student's company money in travel ...
Butterworth, Jim — 109033950420 Jul 2004
Stef, I've taken conference sessions, online training, and local mentor lead training. Of the three, the one I prefer is the conference sessions....
Ken.Connelly at uni.edu — 109035769520 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Ken.Connelly at uni.edu — 109040894721 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Ken.Connelly at uni.edu — 109050639822 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
jimmie mac — 109051218622 Jul 2004
We just had a burst of traffic over 100Mb/s come in our front door. Here is a capture is snort output: =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=...
Ken.Connelly at uni.edu — 109058322423 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Ken.Connelly at uni.edu — 109067875124 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Ken.Connelly at uni.edu — 109077446125 Jul 2004
The following extracts show the beginning and ending of scan activity was detected on my network. The number following each set is the total number of...
Kyle Maxwell — 109078854425 Jul 2004
Following is the first detect and analysis for my GCIA practical; comments and suggestions are welcomed and requested. Referenced URLs are at the end ...