Hi Steven,
Can you tell me what kind of monitor that is, and where it can be obtained from? Actually, I have been searching for such a scanner for a long time.
Gaurang.
--- "Steven M. Bellovin" <smb(_at_)research(_dot_)att(_dot_)com> wrote:
In message <200108071321(_dot_)JAA18560(_at_)morticia(_dot_)cc(_dot_)gatech(_dot_)edu>, Bobby Krupczak writes:
Hi!
Well, folks, my packet suckers have shown a Code Red II attack from a machine on the IETF meeting net. It's 217.33.140.38 -- if you have that address, you need to disinfect and patch your machine. For the rest of you, be careful...
Do you always snoop on traffic at IETFs?
I'm running a monitor to detect what folks are sending to *my* machine:
Tue Aug 7 13:28:59 2001 tcpsuck www(80)
TCP message from host host217-33-140-38.ietf.ignite.net (217.33.140.38): port 3446
128 bytes received
  0: 47455420 2f646566 61756c74 2e696461  GET /default.ida
 16: 3f585858 58585858 58585858 58585858  ?XXXXXXXXXXXXXXX
 32: 58585858 58585858 58585858 58585858  XXXXXXXXXXXXXXXX
 48: 58585858 58585858 58585858 58585858  XXXXXXXXXXXXXXXX
 64: 58585858 58585858 58585858 58585858  XXXXXXXXXXXXXXXX
 80: 58585858 58585858 58585858 58585858  XXXXXXXXXXXXXXXX
 96: 58585858 58585858 58585858 58585858  XXXXXXXXXXXXXXXX
112: 58585858 58585858 58585858 58585858  XXXXXXXXXXXXXXXX
(The monitor is truncating at 128 bytes, by intent.)
--Steve Bellovin, http://www.research.att.com/~smb
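
Added example, not part of the original messages and not the code of the monitor described above: a Python sketch that rebuilds the captured bytes from a dump in the layout quoted in the message and flags the `/default.ida?` filler run, even though the capture stops at 128 bytes. The function names, the 64-byte threshold and the "N" label for the earlier Code Red worm are assumptions of this example.

```python
import re

# The capture quoted in the message above (first 128 bytes of the request).
SAMPLE_DUMP = """\
  0: 47455420 2f646566 61756c74 2e696461  GET /default.ida
 16: 3f585858 58585858 58585858 58585858  ?XXXXXXXXXXXXXXX
""" + "".join(f"{off:3d}: " + "58585858 " * 4 + " " + "X" * 16 + "\n"
              for off in range(32, 128, 16))

MIN_RUN = 64  # assumed threshold: shortest filler run treated as a probe

# "offset: up to four 8-digit hex groups", ASCII column ignored.
DUMP_LINE = re.compile(r"^\s*(\d+):\s+((?:[0-9a-fA-F]{8}(?:\s+|$)){1,4})")
# Request for /default.ida whose query starts with one byte repeated MIN_RUN+ times.
PROBE = re.compile(rb"GET /default\.ida\?((.)\2{%d,})" % (MIN_RUN - 1), re.DOTALL)

# "X" is the filler in the capture above; "N" (earlier Code Red) is an
# assumption of this example, not something stated in the thread.
FAMILY = {"X": "Code Red II", "N": "Code Red"}


def dump_to_bytes(dump: str) -> bytes:
    """Rebuild the captured bytes from the hex column of the dump."""
    out = bytearray()
    for line in dump.splitlines():
        m = DUMP_LINE.match(line)
        if m is None:
            continue  # header lines, wrapped ASCII columns, blank lines
        if int(m.group(1)) != len(out):
            raise ValueError(f"gap in dump at offset {m.group(1)}")
        out += bytes.fromhex("".join(m.group(2).split()))
    return bytes(out)


def classify(payload: bytes):
    """Return details of an .ida filler probe, or None for other traffic."""
    m = PROBE.match(payload)
    if m is None:
        return None
    filler = chr(m.group(2)[0])
    return {
        "filler": filler,
        "run": len(m.group(1)),
        "family": FAMILY.get(filler, "unknown .ida probe"),
        # True when the filler runs to the end of the capture, i.e. the
        # monitor cut the request off before the rest of it arrived.
        "cut_short": m.end(1) == len(payload),
    }


if __name__ == "__main__":
    print(classify(dump_to_bytes(SAMPLE_DUMP)))
```

Because the match relies only on the request prefix, it still works on captures that a monitor truncates on purpose, and `cut_short` records that the remainder of the request was never seen.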