[Snort-users] Todays Terrorist Attack

Gordon Ewasiuk gewasiuk at ...3392...
Wed Sep 12 08:42:01 EDT 2001


On Yesterday, SecurityGauntlet wrote:

>Please place postings on any trends that make you suspicious of  ANY future
>Terrorist Attacks to come.

Activity is increasing at this datacenter...

over 3 million individual attacks since 1700hrs EST yesterday (11Sept01).

Profiles include:  Code Red, SMTP probes & overflow attempts
(passing large values during HELO, MAIL FROM, etc.), rpc stuff, as
well as ping sweeps and port scans.

Most of the bad guys are coming from APNIC IP blocks at this time.
Secondary suspects are from RIPE blocks in France as well as cable
modem/DSL block domestically.

-Gordon

--------------------------------------------------
Gordon Ewasiuk, Certifed Sun Fanatic,  Winstar VHC
The REAL office number is here----->  703.893.4901
Tired of BSODs, My Computer, and Code Red?
http://www.sun.com/solaris/binaries/
-------------------------------------------------

 11:30am  up 2 day(s),  1:23,  1 user,  load average: 0.01, 0.06, 0.08






More information about the Snort-users mailing list