|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
RE: New attack or old Vulnerability Scanner?
From: James C. Slora, Jr. <James.Slora(at)fairfax.phra.com>
Date: Fri Apr 25 2003 - 15:00:56 EDT
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents
Received on Mon Apr 28 12:56:39 2003
Date: Fri Apr 25 2003 - 15:00:56 EDT
Mark Embrich wrote Thursday, April 24, 2003 7:44 PM
> Does anyone recognize this pattern of a TCP connect scan, then 65 GETs?
I don't know the tool, but I have seen a similar and possibly related scan before. http://cert.uni-stuttgart.de/archive/intrusions/2002/07/msg00119.html
- Indy.Library in user-agent
- Nimda-like directory traversal attempts
- Looks for shell.exe and root.exe and cmd.exe
Mine appeared to come from a Windows box, so I don't think it's a NIX only tool.
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents
Received on Mon Apr 28 12:56:39 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:04 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |