Worm?
From : Nielsen


Date : 20-07-01 16:39

Hi, just a small excerpt from my firewall:

Jul 20 15:39:33 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61661 -> 193.0.0.203:80

Jul 20 15:39:34 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61662 -> 193.0.0.203:80

Jul 20 15:39:34 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61661 -> 193.0.0.203:80

Jul 20 15:39:35 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61662 -> 193.0.0.203:80

Jul 20 15:39:35 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61662 -> 193.0.0.203:80

Jul 20 15:39:35 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61663 -> 193.0.0.203:80

Jul 20 15:39:35 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61662 -> 193.0.0.203:80

Jul 20 15:39:35 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61663 -> 193.0.0.203:80

Jul 20 15:39:35 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61664 -> 193.0.0.203:80

Jul 20 15:39:35 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61665 -> 193.0.0.203:80

Jul 20 15:39:35 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61664 -> 193.0.0.203:80

Jul 20 15:39:36 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61665 -> 193.0.0.203:80


Is it the infamous "Worm" that has been at work here?

Apparently it is a web server at RIPE (?) that is up to something.


--
Best Regards


Kent Nielsen



 
 
Preben Jensen (20-07-2001)
Comment
From : Preben Jensen


Date : 20-07-01 17:35

Definitely.
Here is an excerpt from my firewall from the last 34 min.
At first glance it looks like the very same senders as yesterday, judging by
the results from ARIN!




Lasse Jarlskov (22-07-2001)
Comment
From : Lasse Jarlskov


Date : 22-07-01 14:58

"Nielsen" <nielsenNOSPAM@softhome.net> wrote:

>detected: 192.168.1.10:61661 -> 193.0.0.203:80

Although I am not sure how to read the output from your firewall, it
rather looks as if you are the one who is up to something.

Connections are coming from some obscure port on your side to
RIPE's web server.

--
Regards,
Lasse Jarlskov
"Car analogies - the Erasmus Montanus of the newsgroups."

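The direction question raised in the last reply can be checked mechanically. The following is an added example, not part of the original thread: it re-joins the wrapped Snort `spp_http_decode` alerts, classifies each flow by which end sits in RFC 1918 space, and counts alerts and distinct source ports per flow. The function names are hypothetical, treating RFC 1918 addresses as "internal" is an assumption, and the last sample alert is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# The first three alerts are copied from the post above (wrapped as posted);
# the last one is constructed for contrast and uses a documentation address.
SAMPLE = """\
Jul 20 15:39:33 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61661 -> 193.0.0.203:80
Jul 20 15:39:34 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61662 -> 193.0.0.203:80
Jul 20 15:39:34 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61661 -> 193.0.0.203:80
Jul 20 15:40:02 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 203.0.113.7:4021 -> 192.168.1.20:80
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALERT = re.compile(r"snort\[\d+\]: spp_http_decode: .+? detected: "
                   r"([\d.]+):(\d+) -> ([\d.]+):(\d+)")

def unwrap(text):
    """Re-join alerts that a news client wrapped onto a second line."""
    return re.sub(r"\s*\n\s*(?=detected:)", " ", text).splitlines()

def direction(src, dst):
    """Classify a flow by which end is in RFC 1918 (assumed internal) space."""
    s, d = (any(ipaddress.ip_address(a) in n for n in RFC1918) for a in (src, dst))
    if s != d:
        return "outbound" if s else "inbound"
    return "internal" if s else "external"

def summarize(text):
    """Map (direction, src, dst, dport) -> (alert count, distinct source ports)."""
    groups = defaultdict(lambda: [0, set()])
    for m in filter(None, map(ALERT.search, unwrap(text))):
        src, sport, dst, dport = m.groups()
        g = groups[(direction(src, dst), src, dst, int(dport))]
        g[0] += 1
        g[1].add(int(sport))
    return {k: (n, len(ports)) for k, (n, ports) in groups.items()}

if __name__ == "__main__":
    for (way, src, dst, dport), (n, conns) in summarize(SAMPLE).items():
        print(f"{way:8} {src} -> {dst}:{dport} alerts={n} source_ports={conns}")
```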