Hosting Provided By

Mailing List Archive For incidents@securityfocus.com Feb 2003 By Thread

Spammers? Christopher Wagner (Thu Feb 27 2003 - 13:11:08 EST)
Backdoor ?? "Girlnextdoor_" TCP Ports 1025/1028 Salomao Barguil (Thu Feb 27 2003 - 19:40:23 EST)
Re: Interesting Rafael Coninck Teigao (Fri Feb 28 2003 - 12:38:35 EST)
RE: Possible new backdoor: mspx-smss.exe ? Leonard.Ong(at)nokia.com (Thu Feb 27 2003 - 15:24:39 EST)
TCP 445 Scan? Charles Hamby (Thu Feb 27 2003 - 13:25:29 EST)
Re: Interesting Stephen J. Friedl (Thu Feb 27 2003 - 11:13:02 EST)
Re: Possible new backdoor: mspx-smss.exe ? Sven Pechler (Wed Feb 26 2003 - 16:19:15 EST)
Interesting http-equiv(at)excite.com (Wed Feb 26 2003 - 15:01:34 EST)
Re: More /sumthin D.C. van Moolenbroek (Wed Feb 26 2003 - 19:59:08 EST)
RE: Weird Windows logon attempts Mary McAllister (Wed Feb 26 2003 - 17:09:25 EST)
RE: More /sumthin Jonathan A. Zdziarski (Wed Feb 26 2003 - 16:14:37 EST)
Re: More /sumthin Philipp Hug (Wed Feb 26 2003 - 09:23:17 EST)
RE: Weird apache logs NESTING, DAVID M (SBCSI) (Wed Feb 26 2003 - 14:15:59 EST)
RE: Weird apache logs Carmen Tache (Wed Feb 26 2003 - 14:09:43 EST)
Weird apache logs Travis Read (Tue Feb 25 2003 - 20:57:20 EST)
Remote Access Software (Wireless Devices) Holstein, Michael (Tue Feb 25 2003 - 13:00:00 EST)
Re: Weird Windows logon attempts Russell Fulton (Tue Feb 25 2003 - 18:14:56 EST)
Incident Focus Area Article Announcement Dan Hanson (Tue Feb 25 2003 - 19:14:22 EST)
Re: Weird Windows logon attempts H C (Mon Feb 24 2003 - 06:38:10 EST)
RE: Web server crashed, now is trying to contact an IP by port 80 every morning. Levinson, Karl (Tue Feb 25 2003 - 08:21:25 EST)
RE: Web server crashed, now is trying to contact an IP by port 80 every morning. Dan Harpold (Mon Feb 24 2003 - 20:19:38 EST)
Re: Web server crashed, now is trying to contact an IP by port 80 every morning. lsi (Mon Feb 24 2003 - 19:30:29 EST)
Re: ICQ problem. Rafael Coninck Teigao (Mon Feb 24 2003 - 15:51:28 EST)
Web server crashed, now is trying to contact an IP by port 80 every morning. Dan Harpold (Sun Feb 23 2003 - 22:20:01 EST)
RE: Weird Windows logon attempts Terence Runge (Mon Feb 24 2003 - 02:00:50 EST)
Re: Weird Windows logon attempts Bojan Zdrnja (Mon Feb 24 2003 - 04:07:55 EST)
Re: Weird Windows logon attempts Jacco Tunnissen (Sun Feb 23 2003 - 22:08:42 EST)
Weird Windows logon attempts Harry Hoffman (Sun Feb 23 2003 - 19:27:54 EST)
RE: Weird Profile in Documents and Settings Christopher Hummert (Sat Feb 22 2003 - 16:36:58 EST)
Re: ICQ problem. bob (Fri Feb 21 2003 - 23:01:19 EST)
RE: Weird Profile in Documents and Settings Austin Ehlers (Fri Feb 21 2003 - 23:14:48 EST)
Re: Weird Profile in Documents and Settings Patrick R. Sweeney (Fri Feb 21 2003 - 18:36:12 EST)
Re: Scans on TCP port 135 Dave Aitel (Fri Feb 21 2003 - 17:00:59 EST)
Possible new backdoor: mspx-smss.exe ? Sven Pechler (Fri Feb 21 2003 - 06:57:16 EST)
Re[2]: Weird Profile in Documents and Settings Jyri Hovila (Fri Feb 21 2003 - 13:10:58 EST)
Re: Weird Profile in Documents and Settings Gene Yoo (Thu Feb 20 2003 - 22:34:40 EST)
ICQ problem. Thiago Madeira de Lima (Fri Feb 21 2003 - 12:26:59 EST)
Questions: LKM, yoyo & rootkits Gordon Ewasiuk (Fri Feb 21 2003 - 08:31:43 EST)
FTimes 3.2.0 Released Klayton Monroe (Fri Feb 21 2003 - 05:03:47 EST)
WebJob 1.2.3 Released Klayton Monroe (Fri Feb 21 2003 - 04:42:00 EST)
Possible stateful filtering problem? Security (Fri Feb 21 2003 - 05:29:16 EST)
Re: Weird Profile in Documents and Settings Anders Thulin (Fri Feb 21 2003 - 03:20:27 EST)
RE: Weird Profile in Documents and Settings Lucas Zaichkowsky (Thu Feb 20 2003 - 18:08:40 EST)
Scans on TCP port 135 Kevin Patz (Thu Feb 20 2003 - 16:12:04 EST)
RE: Weird Profile in Documents and Settings Rob Shein (Thu Feb 20 2003 - 11:18:38 EST)
Re: Distributed spam-based DoS in progress Rohan Amin (Thu Feb 20 2003 - 00:04:43 EST)
Weird Profile in Documents and Settings Greg Wiedeman (Thu Feb 20 2003 - 06:38:16 EST)
Dead thread -- Distributed spam-based DoS in progress Dan Hanson (Wed Feb 19 2003 - 22:46:18 EST)
RE: Distributed spam-based DoS in progress Steve Drees (Wed Feb 19 2003 - 14:43:55 EST)
RE: Distributed spam-based DoS in progress Dave Hart (Wed Feb 19 2003 - 02:26:37 EST)
Re: port 17300 probe fingerprint analysis william.miller(at)gsa.gov (Wed Feb 19 2003 - 07:30:17 EST)
RE: Distributed spam-based DoS in progress Hugo van der Kooij (Wed Feb 19 2003 - 01:49:55 EST)
Re: Distributed spam-based DoS in progress Transistor Sister (Tue Feb 18 2003 - 21:35:33 EST)
Re: Distributed spam-based DoS in progress Kee Hinckley (Tue Feb 18 2003 - 18:05:57 EST)
Re: Distributed spam-based DoS in progress Valdis.Kletnieks(at)vt.edu (Tue Feb 18 2003 - 14:48:38 EST)
RE: Distributed spam-based DoS in progress Dave Hart (Tue Feb 18 2003 - 14:28:30 EST)
Re: Kuang2 strikes again, is it just me? Kevin Patz (Tue Feb 18 2003 - 13:59:17 EST)
Re: Distributed spam-based DoS in progress Hugo van der Kooij (Tue Feb 18 2003 - 01:48:20 EST)
Re: port 17300 probe fingerprint analysis John Sage (Tue Feb 18 2003 - 10:06:36 EST)
port 17300 probe fingerprint analysis Royans Tharakan (Mon Feb 17 2003 - 23:00:31 EST)
Distributed spam-based DoS in progress Transistor Sister (Mon Feb 17 2003 - 20:25:19 EST)
Re: www.nopop.net Jon Rublack (Mon Feb 17 2003 - 20:00:51 EST)
RE: www.nopop.net Brad Griffin (Mon Feb 17 2003 - 17:27:01 EST)
Re: Kuang2 strikes again, is it just me? Paul Dokas (Mon Feb 17 2003 - 12:57:34 EST)
www.nopop.net Pascal Bouchareine (Mon Feb 17 2003 - 10:42:11 EST)
Re: Web Defacement Alberto Cozer (Mon Feb 17 2003 - 13:56:25 EST)
RE: Kuang2 strikes again, is it just me? Tim Heagarty (Mon Feb 17 2003 - 00:16:39 EST)
mIRC Trojan Variant - port 445 worm/Trojan kyle(at)kylelai.com (Sun Feb 16 2003 - 17:49:50 EST)
RE: Kuang2 strikes again, is it just me? Trevor Metzger (Sun Feb 16 2003 - 18:28:36 EST)
Re: ano@ano.com ftpd dip.t-dialin.net Scott Harris (Sun Feb 16 2003 - 14:51:40 EST)
Re: Kuang2 strikes again, is it just me? Jeff (Sun Feb 16 2003 - 12:39:10 EST)
Re: Kuang2 strikes again, is it just me? Jasmine (Sun Feb 16 2003 - 09:00:48 EST)
Re: Kuang2 strikes again, is it just me? Johannes Ullrich (Sat Feb 15 2003 - 23:18:13 EST)
RE: Kuang2 strikes again, is it just me? Rob Shein (Sat Feb 15 2003 - 23:02:48 EST)
Kuang2 strikes again, is it just me? Jeff Kell (Sat Feb 15 2003 - 20:35:02 EST)
Incidents list administrivia and introductions... Dan Hanson (Sat Feb 15 2003 - 19:13:42 EST)
Re: ICMP Destination Unreachable, Administratively Prohibited Valdis.Kletnieks(at)vt.edu (Fri Feb 14 2003 - 11:11:35 EST)
Re: ICMP Destination Unreachable, Administratively Prohibited Anthony Kim (Fri Feb 14 2003 - 11:02:41 EST)
Re: S4T4N1C Web Defacement security(at)imperialdesigns.com (Fri Feb 14 2003 - 08:36:39 EST)
Re: Web Defacement Ricardo Castanho de Oliveira Freitas (Fri Feb 14 2003 - 07:50:16 EST)
Spies on Your PC HDrv Mr.Day (Fri Feb 14 2003 - 01:33:19 EST)
Re: ICMP Destination Unreachable, Administratively Prohibited Anders Thulin (Fri Feb 14 2003 - 02:12:18 EST)
Re: ICMP Destination Unreachable, Administratively Prohibited Russell Fulton (Thu Feb 13 2003 - 18:38:32 EST)
Re: ICMP Destination Unreachable, Administratively Prohibited Chris Brenton (Thu Feb 13 2003 - 18:26:46 EST)
Re: S4T4N1C Web Defacement Michel Angelo da Silva Pereira (Thu Feb 13 2003 - 17:58:20 EST)
ICMP Destination Unreachable, Administratively Prohibited Neil Dickey (Thu Feb 13 2003 - 17:35:11 EST)
Summary of the responses (4 line ad) Alfred Huger (Thu Feb 13 2003 - 16:48:43 EST)
RE: S4T4N1C Web Defacement Dan Perez (Thu Feb 13 2003 - 15:40:06 EST)
RE: FTP/Port 1038 perrieror(at)ssginfo.montclair.edu (Thu Feb 13 2003 - 15:18:24 EST)
Re: S4T4N1C Web Defacement HggdH (Thu Feb 13 2003 - 14:43:11 EST)
Re: UDP traffic on Port 52798 H C (Thu Feb 13 2003 - 13:32:33 EST)
Re: S4T4N1C Web Defacement Michel Angelo da Silva Pereira (Thu Feb 13 2003 - 13:35:34 EST)
UDP traffic on Port 52798 Kenneth Wilson (Thu Feb 13 2003 - 09:01:58 EST)
S4T4N1C Web Defacement Christopher Lyon (Thu Feb 13 2003 - 03:23:40 EST)
webserver probes for php detection Alexander Reelsen (Thu Feb 13 2003 - 08:10:03 EST)
Re: ftp server compromised psion (Thu Feb 13 2003 - 01:52:56 EST)
RE: ftp server compromised Denis Dimick (Thu Feb 13 2003 - 00:45:35 EST)
Re: ftp server compromised David Hodges (Wed Feb 12 2003 - 22:33:18 EST)
Re: ftp server compromised Tibor Biro (Wed Feb 12 2003 - 21:10:11 EST)
RE: ftp server compromised Mark E. Donaldson (Wed Feb 12 2003 - 21:31:48 EST)
ftp server compromised rbelchez(at)show-net.net (Wed Feb 12 2003 - 20:20:47 EST)
The 4 line ad at the bottom of this post.. Alfred Huger (Wed Feb 12 2003 - 19:32:12 EST)
RE: Traffic on UDP 1815 Mark E. Donaldson (Tue Feb 11 2003 - 23:50:56 EST)
Re: logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit... Chuck Swiger (Tue Feb 11 2003 - 22:00:01 EST)
RE: Traffic on UDP 1815 Sahr, Kenneth (Wed Feb 12 2003 - 08:14:27 EST)
Re: logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit... jet (Wed Feb 12 2003 - 02:19:54 EST)
Re: logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit... root(at)darks (Tue Feb 11 2003 - 20:46:48 EST)
Re: logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit... Richard Rager (Tue Feb 11 2003 - 13:46:29 EST)
Re: Identity theft scam against eBay users Patrick Bryant (Tue Feb 11 2003 - 13:56:24 EST)
RE: ALEVRIUS! Anders Reed Mohn (Tue Feb 11 2003 - 11:41:23 EST)
Traffic on UDP 1815 Sahr, Kenneth (Tue Feb 11 2003 - 10:21:12 EST)
Re: Identity theft scam against eBay users Thomas Giudice (Tue Feb 11 2003 - 06:32:48 EST)
Re: Identity theft scam against eBay users Nick FitzGerald (Mon Feb 10 2003 - 23:46:39 EST)
Re: Identity theft scam against eBay users Patrick Bryant (Mon Feb 10 2003 - 20:29:43 EST)
logfiles of openssl-0.9.6e + GET_CLIENT_HELLO exploit... Chuck Swiger (Mon Feb 10 2003 - 19:45:53 EST)
RE: Increased Kuang2 activity Thierry Zoller (Mon Feb 10 2003 - 19:26:02 EST)
Re: Identity theft scam against eBay users Matthew Breitenstine (Mon Feb 10 2003 - 19:17:48 EST)
Re: Identity theft scam against eBay users Jordan K Wiens (Mon Feb 10 2003 - 19:17:22 EST)
Re: Increased Kuang2 activity Kurt Seifried (Mon Feb 10 2003 - 20:04:12 EST)
Identity theft scam against eBay users Patrick Bryant (Mon Feb 10 2003 - 17:50:37 EST)
RE: Increased Kuang2 activity James C Slora Jr (Mon Feb 10 2003 - 16:35:52 EST)
Correction: www.ethereal.com not www.ethereal.org RE: Suspicious file on Desktop Eric Greenberg (Mon Feb 10 2003 - 16:34:09 EST)
RE: Suspicious file on Desktop Brenna Primrose (Mon Feb 10 2003 - 16:12:24 EST)
RE: Increased Kuang2 activity James C Slora Jr (Mon Feb 10 2003 - 15:42:53 EST)
RE: Increased Kuang2 activity Baklarz, Ron (Mon Feb 10 2003 - 15:01:54 EST)
RE: Increased Kuang2 activity Logan F.D. Greenlee (Mon Feb 10 2003 - 13:37:29 EST)
Re: Suspicious file on Desktop PAUL_TAYLOR(at)qvc.com (Mon Feb 10 2003 - 12:11:54 EST)
RE: Increased Kuang2 activity davec(at)skooter.net (Mon Feb 10 2003 - 12:13:00 EST)
RE: Increased Kuang2 activity Jennifer Fountain (Mon Feb 10 2003 - 12:00:18 EST)
RE: Increased Kuang2 activity Rev. Kronovohr (Mon Feb 10 2003 - 12:01:03 EST)
RE: Suspicious file on Desktop Michael LaSalvia (Mon Feb 10 2003 - 11:58:56 EST)
RE: Increased Kuang2 activity Jason Dixon (Mon Feb 10 2003 - 11:57:24 EST)
RE: Suspicious file on Desktop Eric Greenberg (Mon Feb 10 2003 - 11:54:58 EST)
Re: Increased Kuang2 activity Johannes Ullrich (Mon Feb 10 2003 - 11:55:45 EST)
RE: Increased Kuang2 activity Logan F.D. Greenlee (Mon Feb 10 2003 - 11:46:16 EST)
Suspicious file on Desktop Patrick Fish (Mon Feb 10 2003 - 05:12:14 EST)
Increased Kuang2 activity Jason Dixon (Sun Feb 09 2003 - 19:01:23 EST)
Kuang2 on the rise... Jeff Kell (Sun Feb 09 2003 - 01:23:00 EST)
RE: ALEVRIUS! NetSec Analyst (Fri Feb 07 2003 - 18:36:39 EST)
RE: ALEVRIUS! Salisko, Rick (Fri Feb 07 2003 - 14:29:24 EST)
RE: ALEVRIUS! Anders Reed Mohn (Fri Feb 07 2003 - 07:06:47 EST)
RE: email address probes Rob Shein (Thu Feb 06 2003 - 19:54:52 EST)
RE: ALEVRIUS! James C Slora Jr (Thu Feb 06 2003 - 18:43:51 EST)
Re: email address probes Andy Bastien (Fri Feb 07 2003 - 12:16:53 EST)
Re: email address probes Brad Arlt (Fri Feb 07 2003 - 12:29:02 EST)
RE: ALEVRIUS! Rob Shein (Thu Feb 06 2003 - 18:31:32 EST)
Re: FW: Packets from 255.255.255.255(80) (was: Packet from port 80 wi th spoofed microsoft.com ip) Alif The Terrible (Thu Feb 06 2003 - 17:54:32 EST)
Re: Netbios Name Scans/opaserv worm H C (Thu Feb 06 2003 - 17:02:50 EST)
ALEVRIUS! Geert Kiers (Thu Feb 06 2003 - 13:39:28 EST)
Re: email address probes james (Thu Feb 06 2003 - 12:49:09 EST)
Netbios Name Scans/opaserv worm rocky_scotti(at)na.dole.com (Thu Feb 06 2003 - 12:49:07 EST)
Re: email address probes Axel Beckert - ecos gmbh (Thu Feb 06 2003 - 12:30:15 EST)
Re: email address probes Ned Fleming (Thu Feb 06 2003 - 10:07:05 EST)
Re: email address probes Dave Laird (Thu Feb 06 2003 - 02:57:41 EST)
RE: email address probes Johann Kruse (Wed Feb 05 2003 - 19:08:44 EST)
Re: email address probes Greg A. Woods (Wed Feb 05 2003 - 18:04:44 EST)
Re: email address probes Brad Arlt (Wed Feb 05 2003 - 17:26:12 EST)
Re: email address probes Kee Hinckley (Wed Feb 05 2003 - 21:01:26 EST)
email address probes Andy Bastien (Wed Feb 05 2003 - 15:54:19 EST)
Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Meritt James (Wed Feb 05 2003 - 09:35:44 EST)
RE: Packets from 255.255.255.255(80) (was: Packet from port 80 wi th spoofed microsoft.com ip) Fitzgerald, John (Wed Feb 05 2003 - 04:44:38 EST)
RE: Packets from 255.255.255.255(80) (was: Packet from port 80 wi th spoofed microsoft.com ip) Fitzgerald, John (Wed Feb 05 2003 - 04:51:14 EST)
Re: DoS Attacks, Detecting the Source, and Service Providers H C (Tue Feb 04 2003 - 15:44:06 EST)
RE: DoS Attacks, Detecting the Source, and Service Providers Rob Shein (Tue Feb 04 2003 - 13:56:13 EST)
RE: FTP/Port 1038 Boyan Krosnov (Tue Feb 04 2003 - 17:26:41 EST)
FTP/Port 1038 Hoof Hearted (Tue Feb 04 2003 - 13:49:55 EST)
Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Christian Vogel (Tue Feb 04 2003 - 13:46:33 EST)
RE: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) James Kelly (Tue Feb 04 2003 - 13:26:56 EST)
Re: Speedera Ping, was "Packets from 255.255.255.255(80), etc." Joe Stewart (Tue Feb 04 2003 - 13:59:57 EST)
Re: DoS Attacks, Detecting the Source, and Service Providers james (Tue Feb 04 2003 - 13:35:53 EST)
RE: Packets from 255.255.255.255(80) (was: Packet from port 80 wi th spoofed microsoft.com ip) Tom Arseneault (Mon Feb 03 2003 - 14:22:36 EST)
Re: Packet from port 80 with spoofed microsoft.com ip zmajd fully (Mon Feb 03 2003 - 18:27:59 EST)
Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Valdis.Kletnieks(at)vt.edu (Mon Feb 03 2003 - 14:04:52 EST)
DoS Attacks, Detecting the Source, and Service Providers Hamid (Mon Feb 03 2003 - 16:39:32 EST)
Speedera Ping, was "Packets from 255.255.255.255(80), etc." Neil Dickey (Mon Feb 03 2003 - 11:53:03 EST)
Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Frederic Harster (Mon Feb 03 2003 - 10:56:23 EST)
More /sumthin, maybe Sverre H. Huseby (Mon Feb 03 2003 - 03:52:54 EST)
Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Geert Kiers (Sun Feb 02 2003 - 12:45:32 EST)
RE: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Joel Tyson (Mon Feb 03 2003 - 10:40:02 EST)
Re: Packets from 255.255.255.255(80) Guy Reisenauer (Sun Feb 02 2003 - 15:27:04 EST)
Re: Packets from 255.255.255.255(80) (was: Packet from port 80 with spoofed microsoft.com ip) Hugo van der Kooij (Sun Feb 02 2003 - 12:33:12 EST)
Re: /sumthin Revisited H D Moore (Sat Feb 01 2003 - 15:59:50 EST)

182 messages sort by: [ author ] [ date ] [ subject ] [ attachment ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:18 EDT