[Snort-users] Todays Terrorist Attack

Wayne T Work wwork at ...3179...
Wed Sep 12 08:59:02 EDT 2001


Good Info,

Keep posting more like this. We need to contain any possibility of escalation.
Thanks again

At 11:38 AM 9/12/2001 -0400, Gordon Ewasiuk wrote:
>On Yesterday, SecurityGauntlet wrote:
>
> >Please place postings on any trends that make you suspicious of  ANY future
> >Terrorist Attacks to come.
>
>Activity is increasing at this datacenter...
>
>over 3 million individual attacks since 1700hrs EST yesterday (11Sept01).
>
>Profiles include:  Code Red, SMTP probes & overflow attempts
>(passing large values during HELO, MAIL FROM, etc.), rpc stuff, as
>well as ping sweeps and port scans.
>
>Most of the bad guys are coming from APNIC IP blocks at this time.
>Secondary suspects are from RIPE blocks in France as well as cable
>modem/DSL block domestically.
>
>-Gordon
>
>--------------------------------------------------
>Gordon Ewasiuk, Certifed Sun Fanatic,  Winstar VHC
>The REAL office number is here----->  703.893.4901
>Tired of BSODs, My Computer, and Code Red?
>http://www.sun.com/solaris/binaries/
>-------------------------------------------------
>
>  11:30am  up 2 day(s),  1:23,  1 user,  load average: 0.01, 0.06, 0.08
>
>
>
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users

Wayne
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010912/f1adb353/attachment.html>


More information about the Snort-users mailing list