Security Incidents mailing list archives

Re: Code Red and other anomalous activity from 1433

From: Thomas Cannon <tcannon () noops org>
Date: Thu, 11 Jul 2002 13:00:15 -0700 (PDT)

On Thu, 11 Jul 2002, Curley Mr Eric P wrote:

Has anybody else been getting slammed by Code Red activity today?  It seems
to be coming from mostly Asian blocks  but there are some other blocks
thrown in there as well.  Then again it could all be spoofed and could be
coming from the 12 year old down the street..Thrown into all this traffic
I'm also seeing a lot of Dest ports with 1433; Possibly that SQL stuff that
happened last month..anywho, just wanted to know if anybody else was
experiencing this.

Cheers,
Eric


I haven't noticed anything unusual myself today, but a quick look at the
Internet Storm Center seems to indicate that port 80 is being pretty
heaving attacked. That might be folks going after the apache
chunked-encoding issue, though:

http://www.dshield.org/

-thomas




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Code Red and other anomalous activity from 1433 Curley Mr Eric P (Jul 11)
- Re: Code Red and other anomalous activity from 1433 Thomas Cannon (Jul 11)
- <Possible follow-ups>
- RE: Code Red and other anomalous activity from 1433 Graham, Randy (RAW) (Jul 11)
- RE: Code Red and other anomalous activity from 1433 Michael Fredericks (Jul 11)
  - RE: Code Red and other anomalous activity from 1433 lsi (Jul 12)