[prev in list] [next in list] [prev in thread] [next in thread]
List: incidents
Subject: Re: Now the kiddiez started playing
From: Sven Carstens <s.carstens () gmx ! de>
Date: 2001-08-05 20:58:42
[Download RAW message or body]
Am Sun, 05 Aug 2001 schrieb Sven Carstens <s.carstens@gmx.de>:
> Just sitting here and enjoying my new snort rules.
> Then a packet that reports not the codered variant
> but the plain old .ida access warning.
>
> The mandatory look into the payload reveals:
> the next variant
>
> Only occurance twice from the same ip-adress to the same ip-adress.
> The relatively quick check reveals a dial-up system that claims to use
> an apache server and SuSE-Linux.
>
> Reported him to the provider and we'll see what happens
Seems not the script kiddiez are playing after all!
It's just snort getting tired and needing a rest ?
The double check with the apache logfiles showed that on the exact time
from the exact ip a regular user was just browsing the regular web pages.
Will now treat myself (but not snort) with some sleep.
CU Sven
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic