Incidents Archiv Dezember 2002

• Date Index

• Re: Bad protocol version identification '^V^C^A', jm
  • RE: Bad protocol version identification '^V^C^A', Bojan Zdrnja
    • Re: Bad protocol version identification '^V^C^A', Matt Harris
  • Re: Bad protocol version identification '^V^C^A', D.C. van Moolenbroek
• RE: New scanner?, Rob Shein
• Re: TCP:80, TCP:1433 squelda 1.0 probe, Joe Stewart
  • Re: TCP:80, TCP:1433 squelda 1.0 probe, John Sage
• [Fwd: XSS on ICQ leading to password compromise], Rafael Coninck Teigao
• Incident tracking database, Danny
  • Re: Incident tracking database, Chip Mefford
    • what else you can do with worm networks...fun, profit, etc, Anton A. Chuvakin
  • Re: Incident tracking database, Paul Gillingwater
  • Re: Incident tracking database, Steven Hong
  • Re: Incident tracking database, james
  • <Possible follow-ups>
  • Re: Incident tracking database, Holger Kipp
    • Re: Incident tracking database, Russell Fulton
      • Re: Incident tracking database, Chris Adams
• recent rds vuln, Study List
• A small quandary, Mahoney, Paul
  • RE: A small quandary, Jerry Shenk
  • RE: A small quandary, Rob Shein
  • Re: A small quandary, H C
    • RE: A small quandary, Bojan Zdrnja
  • Re: A small quandary, Mike Katz
  • Re: A small quandary, gminick
  • Odd entries in my Security Router logs, Julian Young
• Black Ice small segment size FTP attack caused by FX-scanner, Curt Wilson
• netbios vuln, ohnonono
  • Re: netbios vuln, H C
  • Re: netbios vuln, Valdis . Kletnieks
  • Re: netbios vuln, Nick FitzGerald
  • <Possible follow-ups>
  • Re: netbios vuln, KoRe MeLtDoWn
• Does W2k issue an NBNS query automatically following each unsuccessful reverse DNS query?, Jack Arenberg
• high activity on port 3061 udp/tcp, Marcelo Bartsch
• Spam via proxy, listuser
  • Re: Spam via proxy, Christopher X. Candreva
  • Re: Spam via proxy, Jefferson Ogata
  • Re: Spam via proxy, J.Francois
  • Re: Spam via proxy, Volker Tanger
  • Re: Spam via proxy, jlewis
  • Re: Spam via proxy, Joe Stewart
• EBay Fraud Attempt, Logan F.D. Greenlee
  • Re: EBay Fraud Attempt, jlewis
    • Re: EBay Fraud Attempt, Chris A. Mattingly
    • Re: EBay Fraud Attempt, Kee Hinckley
  • Re: EBay Fraud Attempt, Waitman C. Gobble, II
  • <Possible follow-ups>
  • Re: EBay Fraud Attempt, Stephen Friedl
    • Re: EBay Fraud Attempt, Stephen J. Friedl
  • Fwd: EBay Fraud Attempt, Dave Laird
    • RE: EBay Fraud Attempt, Carlo Costanzo
      • Re: EBay Fraud Attempt, Dave Laird
      • Re: EBay Fraud Attempt, Mark
  • RE: EBay Fraud Attempt, george . wasgatt
  • RE: EBay Fraud Attempt, OBrien, Brennan
  • RE: EBay Fraud Attempt, Chris Gordon
• RE: Odd entries in my Security Router logs, Jim Terry
  • RE: Odd entries in my Security Router logs, Julian Young
  • <Possible follow-ups>
  • RE: Odd entries in my Security Router logs, Andrews, Jonathan (US - Hermitage)
    • Re: Odd entries in my Security Router logs, Michael Sierchio
      • RE: Odd entries in my Security Router logs, David Gillett
      • Re: Odd entries in my Security Router logs, Valdis . Kletnieks
      • Re: Odd entries in my Security Router logs, Valdis . Kletnieks
    • Re: Odd entries in my Security Router logs, James C. Slora Jr.
      • Re: Odd entries in my Security Router logs, HggdH
    • RE: Odd entries in my Security Router logs, Julian Young
• strange attractors or weaknesses in Nimda's prng, Russell Fulton
• DNS help, larosa, vjay
  • Re: DNS help, Valdis . Kletnieks
  • <Possible follow-ups>
  • RE: DNS help, larosa, vjay
    • Re: DNS help, Valdis . Kletnieks
    • Re: DNS help, Matt Zimmerman
  • RE: DNS help, Tom Arseneault
  • RE: DNS help, Faron . Golden
• Rooted, .haos on system, Damian Gerow
  • Re: Rooted, .haos on system, Damian Gerow
    • Re: Rooted, .haos on system, Damian Gerow
      • Re: Rooted, .haos on system, Mike Katz
      • Re: Rooted, .haos on system, zeno
      • Re: Rooted, .haos on system, Carlos Eduardo Pedroza Santiviago
      • Re: Rooted, .haos on system, Damian Gerow
      • Message not available
      • Re: Rooted, .haos on system, Julian Young
      • New CIFS (port 445) worm?, David Gillett
      • Re: New CIFS (port 445) worm?, Zen
    • Re[2]: Rooted, .haos on system, Oliver.C.Rochford CFH
  • Re: Rooted, .haos on system, Mattias Hedenskog
    • Re: Rooted, .haos on system, zeno
• Logs: Many hits with source port of 80, Byrne Ghavalas
  • Re: Logs: Many hits with source port of 80, Valdis . Kletnieks
  • Re: Many hits with source port of 80, Maxime Ducharme
  • RE: Logs: Many hits with source port of 80, James C Slora Jr
    • Re: Logs: Many hits with source port of 80, Byrne Ghavalas
      • Re: Logs: Many hits with source port of 80, Kevin Bowman
      • RE: Logs: Many hits with source port of 80, James C Slora Jr
  • Re: Logs: Many hits with source port of 80, Russell Fulton
  • Re: Logs: Many hits with source port of 80, Joe Stewart
• Terminal Services / TsInternetUser [RMC-RUFLVP4], Romulo M. Cholewa
• Win2k Audit Logs - What happened here?, Johnny Walker
  • Re: Win2k Audit Logs - What happened here?, H C
  • <Possible follow-ups>
  • RE: Win2k Audit Logs - What happened here?, george . wasgatt
• fswserv.html ????, James-lists
  • Re: fswserv.html ????, dev
    • Re: fswserv.html ????, Adam Bultman
      • Re: fswserv.html ????, james
  • Re: fswserv.html ????, james
• Iraq Oil worm, Stephen Friedl
• Worm on 445/tcp?, Scott A . McIntyre
  • Re: Worm on 445/tcp?, Scott Fendley
  • Re: Worm on 445/tcp?, Joe Blatz
    • Re: Worm on 445/tcp?, james
  • Re: Worm on 445/tcp?, Stephen J. Friedl
    • Re: Worm on 445/tcp?, Ryan Yagatich
  • <Possible follow-ups>
  • RE: Worm on 445/tcp?, OBrien, Brennan
  • Re: Worm on 445/tcp?, Tom . Gast
  • Re: Worm on 445/tcp?, Stephen Friedl
  • Re: Worm on 445/tcp?, Kyle Lai
• FW: Lioten Worm 135-139 and 445, Pricher Jeffrey Contr AFCA/GCF
• IRC -> smtp worm?, Joao Gouveia
  • Re: IRC -> smtp worm?, Þórhallur Hálfdánarson
  • Re: IRC -> smtp worm?, H C
  • Re: IRC -> smtp worm?, Eric Chien
• abuse of open transparent proxies, horape
• RPAT - Realtime Proxy Abuse Triangulation, Stephen Friedl
  • Re: RPAT - Realtime Proxy Abuse Triangulation, Kurt Seifried
    • Re: RPAT - Realtime Proxy Abuse Triangulation, Mathias Wegner
      • Re: RPAT - Realtime Proxy Abuse Triangulation, Jay D. Dyson
      • Re: RPAT - Realtime Proxy Abuse Triangulation, Kevin Reardon
      • RE: RPAT - Realtime Proxy Abuse Triangulation, Rob Shein
      • Re: RPAT - Realtime Proxy Abuse Triangulation, Greg Barnes
      • Re: RPAT - Realtime Proxy Abuse Triangulation, Gary Flynn
      • RE: RPAT - Realtime Proxy Abuse Triangulation, Rob Shein
      • Re: RPAT - Realtime Proxy Abuse Triangulation, Syzop
      • What constitutes authorized server access? - was Re: RPAT - Realtime Proxy Abuse Triangulation, Gary Flynn
      • RE: What constitutes authorized server access? - was Re: RPAT - Realtime Proxy Abuse Triangulation, Rob Shein
  • <Possible follow-ups>
  • Re: RPAT - Realtime Proxy Abuse Triangulation, Stephen Friedl
  • Re: RPAT - Realtime Proxy Abuse Triangulation, Jay D. Dyson
    • Re: RPAT - Realtime Proxy Abuse Triangulation, Greg Barnes
      • Re: RPAT - Realtime Proxy Abuse Triangulation, Jay D. Dyson
      • Re: RPAT - Realtime Proxy Abuse Triangulation, Greg Barnes
      • Virus? Trojan?, David Gillett
      • Re: Virus? Trojan?, Peter Kruse
      • Re: Virus? Trojan?, Jonathan Rickman
      • Abnormally high Sub-Seven attack rate increase, Eric Kimminau
      • Re: Virus? Trojan?, Nick FitzGerald
  • Re: RPAT - Realtime Proxy Abuse Triangulation, tcleary2
• hpd, afb, sc, and sn, Gordon Chamberlin
  • Re: hpd, afb, sc, and sn, gminick
  • Re: hpd, afb, sc, and sn, Greg Barnes
  • Re: hpd, afb, sc, and sn, Brad Arlt
  • RE: hpd, afb, sc, and sn, Bojan Zdrnja
  • Re: hpd, afb, sc, and sn, deadcalm
• port 3717/udp?, Jacek Lipkowski
• Compromised System RH7.3-ICMP-STP-DoS, Ron Gedye
• TsInternetUser priv. escalation; blank passwords; service passwords, Curt Wilson
• strange traffic, securitynotice
  • RE: strange traffic, Rob Shein
• Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second, alfaentomega
  • Re: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second, Pavel Kankovsky
    • Re: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second, alfaentomega
  • Re: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second, Fyodor
    • Re: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second, alfaentomega
  • <Possible follow-ups>
  • RE: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second, alfaentomega
  • RE: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second, Charles . Fasching
    • RE: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second, alfaentomega
    • RE: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second, H C
  • RE: Random unprivileged TCP ports below 5000 kind-of open for a fraction of a second, Hornat, Charles
• NIMDA - ceased ? -, Tomo
  • Re: NIMDA - ceased ? -, Johannes Ullrich
  • Re: NIMDA - ceased ? -, Jay D. Dyson
  • Re: NIMDA - ceased ? -, Skip Carter
  • <Possible follow-ups>
  • Re: NIMDA - ceased ? -, Neil Dickey
    • Re: NIMDA - ceased ? -, James C. Slora Jr.
  • Re: NIMDA - ceased ? -, Roger Thompson
• PDL anti-spam blacklist, John Paul
• MS IIS 5 server is hacked leaving undeletable folders and files, Don Phillipe
• Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip), Chris