Bugtraq mailing list archives

Re: 'Code Red' does not seem to be scanning for IIS


From: Ethan Butterfield <primus () veris org>
Date: Thu, 19 Jul 2001 15:25:18 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just to add some more information, I run a small Apache 1.3.19 webserver
on my home network. Nothing fancy, nothing special. Since about 10am this
morning, I've had 19 Code Red attempts on that server. Correlating this
with the firewall logs, it looks like only about half of the attacks were
part of a contiguous scan. The remainder just targeted the web server. I
also have other one-offs which bounced off of other non-web hosts on my
network. The same sort of data shows up on my external corporate network,
as well as our production network.

In short, it looks like there are two sets of worms out there. One is
scanning large contiguous netblocks in an obvious fashion, the other is
hunting and pecking about random IP addresses.

YMMV, HAND.

- -- 

 "A true friend stabs you in the front."
     - Oscar Wilde

-----BEGIN PGP SIGNATURE-----
Comment: For info see http://www.gnupg.org

iD8DBQE7V15N36NTGsm+2Z4RAlnTAJ9VCsZ7riUp3WknpU9q9ny6ynSAtACgzTYc
cB7VrZUUKd6HIDmEXu8D6MU=
=1leB
-----END PGP SIGNATURE-----
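
Added example, not part of the original post: one way to do the correlation the message describes, grouping firewall events by source and separating sources that walked consecutive addresses from those that hit isolated hosts. The log tuples, the addresses (documentation ranges), the function names and the `min_run` threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation address ranges), not from the post.
# Each firewall event: (source, destination, destination port) of an inbound SYN.
FIREWALL_EVENTS = [
    ("198.51.100.7", "192.0.2.10", 80),
    ("198.51.100.7", "192.0.2.11", 80),
    ("198.51.100.7", "192.0.2.12", 80),   # 192.0.2.12 is the web server
    ("198.51.100.7", "192.0.2.13", 80),
    ("203.0.113.44", "192.0.2.12", 80),   # went straight to the web server
    ("203.0.113.90", "192.0.2.30", 80),   # bounced off a non-web host
    ("198.51.100.23", "192.0.2.12", 80),
    ("198.51.100.23", "192.0.2.40", 80),  # two hosts, not adjacent
]
# Sources whose worm request shows up in the web server's access log.
WEB_LOG_SOURCES = {"198.51.100.7", "203.0.113.44", "198.51.100.23"}


def longest_run(addresses):
    """Length of the longest run of numerically consecutive IP addresses."""
    nums = sorted({int(ipaddress.ip_address(a)) for a in addresses})
    best = run = 1 if nums else 0
    for prev, cur in zip(nums, nums[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def classify(events, web_sources, port=80, min_run=3):
    """Map each source to (pattern, seen_in_web_log).

    min_run is an assumed threshold: this many consecutive destinations
    from one source is treated as a contiguous scan.
    """
    targets = defaultdict(set)
    for src, dst, dport in events:
        if dport == port:
            targets[src].add(dst)
    result = {}
    for src in sorted(set(targets) | set(web_sources)):
        run = longest_run(targets.get(src, set()))
        pattern = "contiguous-scan" if run >= min_run else "isolated"
        result[src] = (pattern, src in web_sources)
    return result


if __name__ == "__main__":
    for src, (pattern, in_web_log) in classify(FIREWALL_EVENTS, WEB_LOG_SOURCES).items():
        print(f"{src:15} {pattern:16} web-log-hit={in_web_log}")
```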

