[NCLUG] Fw: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET

James DeWitt jdewitt at verinet.com
Fri Mar 23 21:35:43 MST 2001


Interesting (I think).
I went to the redhat link:

http://www.redhat.com/support/errata/RHSA-2001-007.html

and got no html page in my browser.  However, snort
quickly reported portscans (apparently) from www.redhat.com
Name:    www.redhat.com
Address:  216.148.218.195

Mar 23 20:41:59 216.148.218.195:80 -> my.dh.cp.ip:1065
    UNKNOWN *1**R*** RESERVEDBITS
Mar 23 21:04:09 216.148.218.195:80 -> my.dh.cp.ip:1117
    UNKNOWN *1**R*** RESERVEDBITS

/var/log/secure listed these and:
spp_portscan: portscan status from 216.148.218.195:
    1 connections across 1 hosts: TCP(1), UDP(0) STEALTH

Is this some kind of security scanning feature from redhat?

-- 
JD

On Fri, 23 Mar 2001, Jim Hazell wrote:

> Date: Fri, 23 Mar 2001 17:48:33 -0700
> From: Jim Hazell <jimhazell at home.com>
> Reply-To: nclug at nclug.org
> To: nclug at nclug.org
> Subject: [NCLUG] Fw: ALERT -  A DANGEROUS NEW WORM IS SPREADING ON THE
>     INTERNET
>
snip...




More information about the NCLUG mailing list