[NCLUG] Fw: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
James DeWitt
jdewitt at verinet.com
Fri Mar 23 21:35:43 MST 2001
Interesting (I think).
I went to the redhat link:
http://www.redhat.com/support/errata/RHSA-2001-007.html
and got no html page in my browser. However, snort
quickly reported portscans (apparently) from www.redhat.com
Name: www.redhat.com
Address: 216.148.218.195
Mar 23 20:41:59 216.148.218.195:80 -> my.dh.cp.ip:1065
UNKNOWN *1**R*** RESERVEDBITS
Mar 23 21:04:09 216.148.218.195:80 -> my.dh.cp.ip:1117
UNKNOWN *1**R*** RESERVEDBITS
/var/log/secure listed these and:
spp_portscan: portscan status from 216.148.218.195:
1 connections across 1 hosts: TCP(1), UDP(0) STEALTH
Is this some kind of security scanning feature from redhat?
--
JD
On Fri, 23 Mar 2001, Jim Hazell wrote:
> Date: Fri, 23 Mar 2001 17:48:33 -0700
> From: Jim Hazell <jimhazell at home.com>
> Reply-To: nclug at nclug.org
> To: nclug at nclug.org
> Subject: [NCLUG] Fw: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE
> INTERNET
>
snip...
More information about the NCLUG
mailing list