Security Incidents mailing list archives
RE: Full Plate of Crow
From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Wed, 1 Aug 2001 12:21:14 -0400
Funny that you mention this. I sent Alfred a quick reply last night (just after he sent out the first Code Red feelers) noting this same kind of activity. Our /24 hasn't seen a single Code Red scan yet, but Snort has been flagging directory traversal and CGI probes since about 9PM last night. I can't wait until high school is back in session and this nonsense takes a back seat... Keith
Agreed. I'm seeing a sharp increase in HEAD queries, HTTP relay attempts, formmail probes, as well as a whole assortment of HTTP type probing in general. I have seen 9 confirmed Code Red traces, but this is almost background noise to the amount of TCP/80 traffic that has kicked up since early this morning.
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Full Plate of Crow Alfred Huger (Aug 01)
- Re: Full Plate of Crow Chris Brenton (Aug 01)
- Re: Full Plate of Crow Russell Fulton (Aug 01)
- <Possible follow-ups>
- RE: Full Plate of Crow McCammon, Keith (Aug 01)
- Re: Full Plate of Crow Chris Brenton (Aug 01)