Mailinglist Archive: opensuse-security (487 mails)
| < Previous | Next > |
RE: [suse-security] Re: **maillist-work:: Re: [suse-security] doe s anybody know such a log
- From: mailinglists@xxxxxxxxx
- Date: Fri, 11 Oct 2002 14:04:40 +0200
- Message-id: <31347F3CE518D6118ACB00A0246AD0560B232A@xxxxxxxxxxxx>
Hi
yes, it's really possible. Our reverse proxy just today picked up the same
logs coming from a french IP address.
I'm just checking what exactly this is.
Philipp
> -----Original Message-----
> From: Thomas Seliger [mailto:CRJLJAKTJORB@xxxxxxxxxxxxx]
> Sent: Friday, October 11, 2002 2:01 PM
> To: suse-security@xxxxxxxx
> Subject: [suse-security] Re: **maillist-work:: Re:
> [suse-security] does
> anybody know such a log
>
>
> Hi,
>
> What Hannes says is true. There are quite a few nimda
> infected computers
> out there that are connected to the internet via T-DSL, even
> some with
> ISDN. With "flatrates" getting affordable, people often have
> their PCs
> connected their PCs almost 24h to (e.g. for download or P2P). Also
> running a Webserver on such hosts isn't as uncommon as it used to be.
>
> peace,
> Tom
>
>
> Johannes Studt wrote:
>
> > On Friday 11 October 2002 13:28, mailinglists@xxxxxxxxx wrote:
> >
> >>Who's sleeping here?
> >>This isn't neither nimda nor code red. This is a scan. it came from
> >>a dial up account. Nimda and Code red never came from dial up
> >>accounts. They always came from static IP addresses.
> >
> >
> > Why nimda or code red _must_ come from static ip addresses?
> > Think of IIS installed on WinPCs which are 24/7 up and
> accessible via
> > DynDNS names. Such systems are vulnerable too...
> >
> > Hannes
> >
>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
yes, it's really possible. Our reverse proxy just today picked up the same
logs coming from a french IP address.
I'm just checking what exactly this is.
Philipp
> -----Original Message-----
> From: Thomas Seliger [mailto:CRJLJAKTJORB@xxxxxxxxxxxxx]
> Sent: Friday, October 11, 2002 2:01 PM
> To: suse-security@xxxxxxxx
> Subject: [suse-security] Re: **maillist-work:: Re:
> [suse-security] does
> anybody know such a log
>
>
> Hi,
>
> What Hannes says is true. There are quite a few nimda
> infected computers
> out there that are connected to the internet via T-DSL, even
> some with
> ISDN. With "flatrates" getting affordable, people often have
> their PCs
> connected their PCs almost 24h to (e.g. for download or P2P). Also
> running a Webserver on such hosts isn't as uncommon as it used to be.
>
> peace,
> Tom
>
>
> Johannes Studt wrote:
>
> > On Friday 11 October 2002 13:28, mailinglists@xxxxxxxxx wrote:
> >
> >>Who's sleeping here?
> >>This isn't neither nimda nor code red. This is a scan. it came from
> >>a dial up account. Nimda and Code red never came from dial up
> >>accounts. They always came from static IP addresses.
> >
> >
> > Why nimda or code red _must_ come from static ip addresses?
> > Think of IIS installed on WinPCs which are 24/7 up and
> accessible via
> > DynDNS names. Such systems are vulnerable too...
> >
> > Hannes
> >
>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
| < Previous | Next > |