Kandu.dk - Orm ?


/ Forside / Teknologi / Internet / Sikkerhed / Nyhedsindlæg

Glemt dit kodeord?

Brugernavn*

Kodeord *

Husk mig

Brugerservice

Kom godt i gang

Bliv medlem

Seneste indlæg

Find en bruger

Stil et spørgsmål

Skriv et tip

Fortæl en ven

Pointsystemet

Kontakt Kandu.dk

Emnevisning

Kategorier

Alfabetisk

Karriere

Interesser

Teknologi

Reklame

Top 10 brugere

Sikkerhed

#	Navn	Point
1	stl_s	37026
2	arlet	26827
3	miritdk	20260
4	o.v.n.	12167
5	als	8951
6	refi	8694
7	tedd	8272
8	BjarneD	7338
9	Klaudi	7257
10	molokyle	6481

Orm ?
Fra : Nielsen

Dato : 20-07-01 16:39

Hej lige et lille udpluk fra min Firewall:

Jul 20 15:39:33 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61661 -> 193.0.0.203:80

Jul 20 15:39:34 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61662 -> 193.0.0.203:80

Jul 20 15:39:34 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61661 -> 193.0.0.203:80

Jul 20 15:39:35 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61662 -> 193.0.0.203:80

Jul 20 15:39:35 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61662 -> 193.0.0.203:80

Jul 20 15:39:35 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61663 -> 193.0.0.203:80

Jul 20 15:39:35 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61662 -> 193.0.0.203:80

Jul 20 15:39:35 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61663 -> 193.0.0.203:80

Jul 20 15:39:35 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61664 -> 193.0.0.203:80

Jul 20 15:39:35 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61665 -> 193.0.0.203:80

Jul 20 15:39:35 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61664 -> 193.0.0.203:80

Jul 20 15:39:36 firewall snort[9313]: spp_http_decode: IIS Unicode attack
detected: 192.168.1.10:61665 -> 193.0.0.203:80

Er det den berygtede "Orm" der har været i gang her ?

Det er tilsyneladende en webserver hos ripe (?) der har gang i et eller
andet.

--
Med Venlig Hilsen / Best Regards

Kent Nielsen

Preben Jensen (20-07-2001)

Kommentar
Fra : Preben Jensen

Dato : 20-07-01 17:35

Helt sikkert Blink

her er et udpluk fra min firewall de sidste 34 min.
umiddelbart ser det ud til at være de selv samme afsendere som i går efter
resultaterne på ARIN !

FWIN,2001/07/20,17:56:09 +2:00 GMT,64.180.62.57:2232,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,17:56:23 +2:00 GMT,64.180.62.57:2238,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,17:57:57 +2:00
GMT,213.51.158.117:1989,62.243.192.148:6699,TCP (flags:S)
FWIN,2001/07/20,17:58:23 +2:00 GMT,64.180.62.57:2287,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,17:58:38 +2:00 GMT,64.180.62.57:2293,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,17:59:25 +2:00 GMT,65.7.67.127:1440,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,17:59:57 +2:00
GMT,24.156.178.206:2041,62.243.192.148:6699,TCP (flags:S)
FWIN,2001/07/20,18:00:40 +2:00 GMT,64.180.62.57:2333,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:00:55 +2:00 GMT,64.180.62.57:2338,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:00:58 +2:00
GMT,213.51.158.117:2001,62.243.192.148:6699,TCP (flags:S)
FWIN,2001/07/20,18:02:55 +2:00 GMT,64.180.62.57:2388,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:03:11 +2:00 GMT,64.180.62.57:2394,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:03:27 +2:00 GMT,65.7.67.127:1480,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:03:58 +2:00
GMT,24.156.178.206:2048,62.243.192.148:6699,TCP (flags:S)
FWIN,2001/07/20,18:05:11 +2:00 GMT,64.180.62.57:2438,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:05:26 +2:00 GMT,64.180.62.57:2443,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:07:28 +2:00 GMT,64.180.62.57:2494,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:07:30 +2:00 GMT,65.7.67.127:1514,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:07:43 +2:00 GMT,64.180.62.57:2499,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:07:59 +2:00
GMT,24.156.178.206:2054,62.243.192.148:6699,TCP (flags:S)
FWIN,2001/07/20,18:09:43 +2:00 GMT,64.180.62.57:2554,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:09:59 +2:00 GMT,64.180.62.57:2567,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:11:29 +2:00 GMT,65.7.67.127:1557,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:12:00 +2:00 GMT,64.180.62.57:2616,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:12:00 +2:00
GMT,24.156.178.206:2061,62.243.192.148:6699,TCP (flags:S)
FWIN,2001/07/20,18:12:14 +2:00 GMT,64.180.62.57:2617,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:14:15 +2:00 GMT,64.180.62.57:2675,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:14:30 +2:00 GMT,64.180.62.57:2680,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:15:30 +2:00 GMT,65.7.67.127:1598,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:16:01 +2:00
GMT,24.156.178.206:2068,62.243.192.148:6699,TCP (flags:S)
FWIN,2001/07/20,18:16:31 +2:00 GMT,64.180.62.57:2727,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:16:46 +2:00 GMT,64.180.62.57:2732,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:18:48 +2:00 GMT,64.180.62.57:2789,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:19:02 +2:00 GMT,64.180.62.57:2794,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:19:32 +2:00 GMT,65.7.67.127:1633,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:20:02 +2:00
GMT,24.156.178.206:2075,62.243.192.148:6699,TCP (flags:S)
FWIN,2001/07/20,18:21:03 +2:00 GMT,64.180.62.57:2841,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:21:19 +2:00 GMT,64.180.62.57:2848,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:23:20 +2:00 GMT,64.180.62.57:2902,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:23:33 +2:00 GMT,65.7.67.127:1676,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:23:34 +2:00 GMT,64.180.62.57:2911,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:24:03 +2:00
GMT,24.156.178.206:2082,62.243.192.148:6699,TCP (flags:S)
FWIN,2001/07/20,18:25:36 +2:00 GMT,64.180.62.57:2967,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:25:50 +2:00 GMT,64.180.62.57:2970,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:27:34 +2:00 GMT,65.7.67.127:1716,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:27:52 +2:00 GMT,64.180.62.57:3024,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:28:04 +2:00
GMT,24.156.178.206:2091,62.243.192.148:6699,TCP (flags:S)
FWIN,2001/07/20,18:28:06 +2:00 GMT,64.180.62.57:3029,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:30:07 +2:00 GMT,64.180.62.57:3089,62.243.192.148:6699,TCP
(flags:S)
FWIN,2001/07/20,18:30:23 +2:00 GMT,64.180.62.57:3094,62.243.192.148:6699,TCP
(flags:S)

Lasse Jarlskov (22-07-2001)

Kommentar
Fra : Lasse Jarlskov

Dato : 22-07-01 14:58

"Nielsen" <nielsenNOSPAM@softhome.net> wrote:

>detected: 192.168.1.10:61661 -> 193.0.0.203:80

Uden at jeg er sikker på hvordan man skal læse output fra din
firewall, ser det snarere ud til at det er dig, der har gang i noget.

Der kommer forbindelser fra en eller anden obskur port hos dig, til
RIPEs webserver.

--
mvh.
Lasse Jarlskov
"Bilanalogier - nyhedsgruppernes Erasmus Montanus."

Søg

Reklame

Statistik

Spørgsmål :	177552
Tips :	31968
Nyheder :	719565
Indlæg :	6408849
Brugere :	218887

Månedens bedste

Årets bedste

Sidste års bedste