Security Incidents mailing list archives
Re: CodeRed back with with a vengence this month!
From: Cory McIntire <cory () cage com-teched net>
Date: Mon, 10 Dec 2001 11:00:34 -0600
just as a thought , it must depend on what network your in , whereas I am in the 65.69 network, i recieve constant hits from infected nimda victims, but, i only received 5 hits since 8 Dec of the code red. just food for thought... cory On Sunday 09 December 2001 04:33 pm, Russell Fulton wrote:
HI All, Has anyone else noticed that code red has bounced back very quickly this month after its sleep period. In past months snort has not seen CodeRed attacks until 9th or 10th, this month I started seeing them on the 2nd and by the 4th they had overtaken nimda and now they have overtaken lastmonths peak with 9 days to go. I also keep an eye on how many systems are probing us on port 80, this jumped from about 800 unique source addresses per hour on Nov 30 to nearly 3000 this morning. Any ideas what has changed? Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand --------------------------------------------------------------------------- - This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- CodeRed back with with a vengence this month! Russell Fulton (Dec 10)
- Re: CodeRed back with with a vengence this month! Cory McIntire (Dec 10)
- Re: CodeRed back with with a vengence this month! Ian O'Brien (Dec 10)
- Re: CodeRed back with with a vengence this month! zeno (Dec 10)
- Re: CodeRed back with with a vengence this month! Cory McIntire (Dec 10)