A few possibilities come to mind:

1. your IP address changed recently (dialup perhaps?)
   and the response was intended for the previous owner
   of that ip (it is possible that the response is not
   realtime, but sent after analyzing the logs periodically)

2. Remote side is scanning, and masking the scan by
   making you think that it is a codered response

3. Your machine _is_ scanning, hacked perhaps, or
   a legitimate user tried some script (I am sure
   there are scripts that exploit the vulnerability
   by now)

Can

On 3 Sep 2001 at 18:23, red0x wrote:

> That's the weird thing, I don't have code red, its linux and apache.. so
> wtf?
>
--=< Can Erkin Acar (canacarbigfoot.com) >=--

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]