nanog mailing list archives

Re: Code Red on dial-in ppp

From: Keith Woodworth <kwoody () citytel net>
Date: Sat, 21 Jul 2001 11:44:49 -0700 (PDT)




On Sat, 21 Jul 2001, Chris Adams wrote:

|+Interesting to note that the one host from our IP space that hit one of
|+our servers was NOT in the report I received.  We had over 21,000 hosts
|+try this on our (Unix/Apache) web servers.  Is someone collecting logs
|+to generate reports?

Weird but Ive been scanning our Apache logs and have yet to see any
attempts for this yet.

Snort has reported 414 alerts w/ regards to Code Red in about a 12 hour
period, but none of the destinations are where are web server sits, just
all in our DSL range.

Keith

Current thread:

Code Red on dial-in ppp Mitch Halmu (Jul 21)
- Re: Code Red on dial-in ppp Jason A. Mills (Jul 21)
  - Re: Code Red on dial-in ppp Mitch Halmu (Jul 21)
    - Re: Code Red on dial-in ppp up (Jul 21)
    - Re: Code Red on dial-in ppp Damon M. Conway (Jul 21)
  - Re: Code Red on dial-in ppp Chris Adams (Jul 21)
    - Re: Code Red on dial-in ppp John Kristoff (Jul 21)
    - Re: Code Red on dial-in ppp Keith Woodworth (Jul 21)
- Code Red seemingly on firewall (Re: Code Red on dial-in ppp) E.B. Dreger (Jul 21)