Security Incidents mailing list archives
Re: Code Red and other anomalous activity from 1433
From: Thomas Cannon <tcannon () noops org>
Date: Thu, 11 Jul 2002 13:00:15 -0700 (PDT)
On Thu, 11 Jul 2002, Curley Mr Eric P wrote:
Has anybody else been getting slammed by Code Red activity today? It seems to be coming from mostly Asian blocks but there are some other blocks thrown in there as well. Then again it could all be spoofed and could be coming from the 12 year old down the street..Thrown into all this traffic I'm also seeing a lot of Dest ports with 1433; Possibly that SQL stuff that happened last month..anywho, just wanted to know if anybody else was experiencing this. Cheers, Eric
I haven't noticed anything unusual myself today, but a quick look at the Internet Storm Center seems to indicate that port 80 is being pretty heaving attacked. That might be folks going after the apache chunked-encoding issue, though: http://www.dshield.org/ -thomas ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Code Red and other anomalous activity from 1433 Curley Mr Eric P (Jul 11)
- Re: Code Red and other anomalous activity from 1433 Thomas Cannon (Jul 11)
- <Possible follow-ups>
- RE: Code Red and other anomalous activity from 1433 Graham, Randy (RAW) (Jul 11)
- RE: Code Red and other anomalous activity from 1433 Michael Fredericks (Jul 11)
- RE: Code Red and other anomalous activity from 1433 lsi (Jul 12)