Full Disclosure mailing list archives
Re: 100 Worms per Second, Courtesy of Telstra
From: "Karl A. Krueger" <kkrueger () outbox whoi edu>
Date: Sun, 26 Jan 2003 20:07:38 -0500
On Sun, Jan 26, 2003 at 04:48:30PM -0500, Mike Tancsa wrote:
At 01:50 PM 26/01/2003 -0500, Karl A. Krueger wrote:Pardon my delurk, but this is very strange worm behavior. We are seeing 100 SQL Worms per second from a single IP address on Telstra. This isPerhaps a series of servers behind natted behind a single IP ?
I thought of that, but the machine has "dhcp" in its DNS hostname, which made me think "client system": 203.50.0.215 == rsdhcp21.telstra.net Thankfully, it seems that either my post here or my messages to Telstra (the ones that didn't bounce) got through to someone ... or else they just finally woke up and took their worm box down -- at least, it isn't phl00ding us any more. -- Karl A. Krueger <kkrueger () whoi edu> Network Security -- Linux/Unix Systems Support -- Etc. Woods Hole Oceanographic Institution _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- 100 Worms per Second, Courtesy of Telstra Karl A. Krueger (Jan 26)
- Re: 100 Worms per Second, Courtesy of Telstra Matthew Murphy (Jan 26)
- Re: 100 Worms per Second, Courtesy of Telstra Mike Tancsa (Jan 26)
- Re: 100 Worms per Second, Courtesy of Telstra Karl A. Krueger (Jan 26)
- Re: 100 Worms per Second, Courtesy of Telstra Roland Postle (Jan 26)