Hosting Provided By

Re: New scanner?

From: Russell Fulton <r.fulton(at)auckland.ac.nz>
Date: Thu Nov 21 2002 - 23:28:09 EST

On Thu, 2002-11-21 at 04:29, Jeremy wrote:
> Hello all,

I've been seeing many variations on this scheme (but not this exact one) over the last month or so. Most that I have investigated by looking at the argus logs are clearly FxScanner (probe to tcp 57 - gives it away). This tool is really a delivery vehicle for what ever exploits you want to code into it. I.e it is easily extend and there are now many variants floating around.

Our record so far is 40,000 IIS exploits in an hour from one host delivered to web servers on campus. I can't remember if it checks to make sure it is IIS first or not.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com

Received on Sun Nov 24 17:13:46 2002

This message: [ Message body ]
Next message: D.Spezialie: "Re: Port 1080"
Previous message: Valdis.Kletnieks(at)vt.edu: "Re: Proxy server hit... Any ideas?"
In reply to: Jeremy: "New scanner?"
In reply to newsletters: "RE: New scanner?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:51 EDT