OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: John Sage (jsagefinchhaven.com)
Date: Fri Feb 22 2002 - 19:05:31 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On Fri, Feb 22, 2002 at 07:26:08PM -0500, dr.kaos wrote:
    > On Friday 22 February 2002 07:04 pm, John Sage wrote:
    >
    > > I used to feel the same, back in November, maybe, but it's late
    > > February 2002 and the incessant rain of Code Red/Nimda probes
    > > continues unrelenting.

    <snip>

    > For instance, in Jeff's earlier post, he mentioned an open relay on port 25
    > of the host he scanned. Anyone want to bet that someone saw that in the post
    > and uses the IP specified as a spam relay? I'm betting there's a pretty good
    > chance. And that just means more spam for you and me to killfile.

    Yeah.. you're right there.

    Posting an IP is a little out there, but posting the fact that there
    are specicific open ports is not appropriate.

    I have no doubt whatsoever that crackers monitor these lists.

    Let them figure out what ports are open; I mean, that's what they're
    supposed to be good at, eh?

    - John 

    -- 
Most people don't type their own logfiles;  but, what do I care?

    _______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users