Re: CodeRed back with with a vengence this month!

[Cory McIntire <cory () cage com-teched net>]

just as a thought , it must depend on what network your in , whereas I am in 
the 65.69 network, i recieve constant hits from infected nimda victims, but, 
i only received 5 hits since 8 Dec of the code red. just food for thought...

cory



On Sunday 09 December 2001 04:33 pm, Russell Fulton wrote:
> HI All,
>       Has anyone else noticed that code red has bounced back very
> quickly this month after its sleep period.  In past months snort has
> not seen CodeRed attacks until 9th or 10th, this month I started seeing
> them on the 2nd and by the 4th they had overtaken nimda and now they
> have overtaken lastmonths peak with 9 days to go.
>
> I also keep an eye on how many systems are probing us on port 80, this
> jumped from about 800 unique source addresses per hour on Nov 30 to
> nearly 3000 this morning.
>
> Any ideas what has changed?
>
> Russell Fulton, Computer and Network Security Officer
> The University of Auckland,  New Zealand
>
>
> ---------------------------------------------------------------------------
> - This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com