ICMP Echo/HTTP Pattern, HP Mystery Patch Explained, DNS Reflector Attack(?)
Combined ICMP Echo Request and TCP Port 80 Traffic
We have received reports of an odd traffic pattern: a single ICMP echo request followed immediately by an HTTP request for the default website page. This pattern is repeated approximately 1200 times per day, each time sourced from a different IP.
We're "fishing" (rather than "phishing") for information on this. If anyone out there is experiencing the same phenomenon, please drop us a note:
http://isc.sans.org/contact.html
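One way to check your own logs for this pattern, as an added example that is not part of the original diary: the record format, the sample addresses (documentation ranges) and the 2-second reading of "immediately" are all assumptions, so adapt the parser to whatever your firewall or flow collector emits.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: "ISO-timestamp src_ip proto detail".
# The format is an assumption; addresses are from documentation ranges.
SAMPLE_LOG = """\
2004-01-20T10:00:00.100 192.0.2.10 ICMP echo-request
2004-01-20T10:00:00.350 192.0.2.10 TCP 80
2004-01-20T10:00:05.000 198.51.100.7 TCP 80
2004-01-20T10:01:00.000 203.0.113.5 ICMP echo-request
2004-01-20T10:01:00.200 203.0.113.5 TCP 80
2004-01-20T10:02:00.000 203.0.113.9 ICMP echo-request
2004-01-20T10:02:30.000 203.0.113.9 TCP 80
2004-01-20T10:03:00.000 198.51.100.20 ICMP echo-request
2004-01-20T10:03:00.100 198.51.100.20 ICMP echo-request
2004-01-20T10:03:00.300 198.51.100.20 TCP 80
"""

WINDOW = timedelta(seconds=2)  # assumed meaning of "immediately"


def parse(log_text):
    """Yield (timestamp, src_ip, proto, detail) from each non-empty line."""
    for line in log_text.splitlines():
        if line.strip():
            ts, src, proto, detail = line.split()
            yield datetime.fromisoformat(ts), src, proto, detail


def find_ping_then_http(log_text, window=WINDOW):
    """Sources with exactly one echo request followed within `window` by TCP/80."""
    pings, http = defaultdict(list), defaultdict(list)
    for ts, src, proto, detail in parse(log_text):
        if proto == "ICMP" and detail == "echo-request":
            pings[src].append(ts)
        elif proto == "TCP" and detail == "80":
            http[src].append(ts)
    hits = []
    for src, echo_times in pings.items():
        if len(echo_times) != 1:  # the reports describe a single echo request
            continue
        if any(timedelta(0) <= t - echo_times[0] <= window for t in http[src]):
            hits.append(src)
    return sorted(hits)


if __name__ == "__main__":
    print(find_ping_then_http(SAMPLE_LOG))
```

Sources that ping repeatedly, or that reach port 80 long after the echo request, are deliberately excluded so that ordinary monitoring and browsing traffic does not drown out the reported pattern.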
HP Patch Mystery Explained
In the January 16th Diary ( http://isc.sans.org/diary.html?date=2004-01-16 ), we mentioned that HP had made a "mystery" patch available for SSH on Tru64 Unix. This article explains its purpose:
http://news.zdnet.co.uk/software/linuxunix/0,39020390,39119149,00.htm
The patch fixes flaws in both SSH and VPN on Tru64 Unix. The flaws are believed to be present only in the Tru64 versions of these services.
Looking For Signs of Large Scale DNS Reflector Attack
We have received reports of DNS servers suddenly attempting to repeatedly and rapidly resolve a single hostname.
Again, we're on a "fishing" expedition here, folks. Please take a look for this behavior on your networks and report anything you find to us.
http://isc.sans.org/contact.html
-------------------------------------------------------------------
Handler on Duty: Tom Liston ( http://www.labreatechnologies.com )