RE: New IIS worm

To: <debian-security@lists.debian.org>
Subject: RE: New IIS worm
From: Anders Gjære <Anders@oslo.kvalito.no>
Date: Mon, 24 Sep 2001 12:02:39 +0200
Message-id: <[🔎] 010B55064719D511AEBD00500488036212F38F@sekunda5.oslo.kvalito.no>

LaBrea could maby be interesting for someone 

http://hts.dshield.org/LaBrea/

its for decreasing the spread of worms witch tryes random ip's


mvh
anders




# -----Original Message-----
# From: Karl E. Jorgensen [mailto:karl@jorgensen.com]
# Sent: 23. september 2001 18:19
# To: debian-security@lists.debian.org
# Subject: Re: New IIS worm
# 
# 
# On Sun, Sep 23, 2001 at 02:08:40PM +1000, Sam Couter wrote:
# > Karl E. Jorgensen <karl@jorgensen.com> wrote:
# > > Doesn't this leave you open to DOS attacks? I'm thinking 
# that source IP
# > > addresses are relatively easy to forge, and hence an 
# attacher can forge
# > > a nimda attach and cause you to block off legitimate IP 
# addresses -
# > > ie. your DNS server our default gateway...
# > 
# > To forge a Nimda attack would require you to forge a TCP 
# connection. That's
# > not easy, unless the attacker is on the network path to the 
# forged address.
# 
# Obvious, but true. I stand(/sit?) corrected.
# 
# > -- 
# > Sam Couter          |   Internet Engineer   |   
# http://www.topic.com.au/
# > sam@topic.com.au    |   tSA Consulting      |
# > OpenPGP key ID:       DE89C75C,  available on key servers
# > OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 
# 03AE DE89 C75C
# 
# 
# -- 
# Karl E. Jørgensen
# karl@jorgensen.com
# www.karl.jorgensen.com
# ==== Today's fortune:
# We don't know who it was that discovered water, but we're pretty sure
# that it wasn't a fish.
# 	-- Marshall McLuhan
#

Reply to:

Prev by Date: Subject!
Next by Date: strange AIDE reports
Previous by thread: Re: New IIS worm
Next by thread: PERDITA EMAIL
Index(es):
- Date
- Thread