Security Incidents mailing list archives

Forwarded: Re: Possible CodeRed Connection Attempts


From: Ken Eichman <keichman () cas org>
Date: Fri, 20 Jul 2001 11:15:56 -0400 (EDT)

I forgot to label the columns which I've added below. Ken

From keichman () cas org Fri Jul 20 11:12:01 2001 EDT (GMT-4)
From: dave.goldsmith () intelsat com
We have a sniffer located on the network segment behind our Internet router
and in front of the firewall.  The stats below show attempts from Internet
hosts to connect to port 80 on random IP addresses on our class B network.
I have not included any connections to the machines that are running web
servers that are reachable from the Internet.

Dave, Wow! I've got a similar setup and have been tracking these
probes since 7/13. I'm lining our stats up side-by-side for comparison
purposes. Man they're similar! I have no idea why my class-b was
getting hit more frequently to start with. I'm speculating that my
address space just happened to get hit more by the worm's 'random'
address generator.

                Dave Goldsmith's Stats          Ken Eichman's Stats

Day     Hour    Total           Unique          Total           Unique
                Connections     Sources         Connections     Sources
============    ==========================      ==========================
07/19   00      120             17              12699           2450
07/19   01      81              12              13059           2577
07/19   02      62              11              13272           2590
07/19   03      97              20              13056           2564
07/19   04      85              18              13283           2632
07/19   05      128             20              13229           2612
07/19   06      140             20              13554           2601
07/19   07      212             34              13517           2608
07/19   08      645             137             13746           2685
07/19   09      5717            1281            16819           3325
07/19   10      36879           8186            36589           7838
07/19   11      150913          34361           116083          26823
07/19   12      362011          79789           295348          68085
07/19   13      519846          111148          466542          103522
07/19   14      556220          117946          520973          113451
07/19   15      547087          115193          513513          115124
07/19   16      540009          115983          513894          90931
07/19   17      519810          111290          499642          111175
07/19   18      499565          107106          480850          106215
07/19   19      390019          89331           449712          97699
07/19   20      14541           3493            26687           7319
07/19   21      9733            2233            9197            2181
07/19   22      9093            1882            7782            1814
07/19   23      8539            1672            7056            1648
                =======         =======         =======         =======
Day Total       4171552         274041          4080321         279911


Ken Eichman                  Senior Security Engineer
Chemical Abstracts Service   Tel:   (614) 447-3838 ext 3230
2540 Olentangy River Road    Fax:   (614) 447-3855
Columbus, OH 43210           Email: keichman () cas org


----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com
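
The hourly counts described in the message above (port 80 connection attempts to a monitored network, excluding the publicly reachable web servers), as an added example that is not part of the original post or either poster's tooling. The log format, the addresses and the function name are constructed for illustration, and counting the overall unique sources as distinct addresses across all hours, not as a sum of the hourly figures, is an assumption about how the table's totals were derived.

```python
import ipaddress
from collections import defaultdict

# Constructed values: a private /16 stands in for the monitored class B
# network, and one address in it for a publicly reachable web server.
MONITORED_NET = ipaddress.ip_network("172.16.0.0/16")
PUBLIC_WEB_SERVERS = {ipaddress.ip_address("172.16.1.10")}

# Constructed sniffer records: "MM/DD HH:MM:SS src_ip dst_ip dst_port"
SAMPLE_LOG = """\
07/19 09:00:01 198.51.100.7 172.16.44.9 80
07/19 09:00:02 198.51.100.7 172.16.201.3 80
07/19 09:14:30 203.0.113.20 172.16.1.10 80
07/19 09:59:59 203.0.113.21 172.16.8.8 80
07/19 10:00:00 198.51.100.7 172.16.90.1 80
07/19 10:05:12 192.0.2.55 172.16.3.250 80
07/19 10:05:13 192.0.2.55 172.16.3.251 25
07/19 10:06:00 192.0.2.56 10.1.2.3 80
"""

def hourly_probe_stats(log_text):
    """Return ({(day, hour): (total, unique)}, (overall_total, overall_unique))."""
    totals = defaultdict(int)
    sources = defaultdict(set)
    all_sources = set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        day, clock, src, dst, port = fields
        try:
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip records with an unparsable destination
        # Keep only port 80 attempts aimed at the monitored network.
        if port != "80" or dst_ip not in MONITORED_NET:
            continue
        # Legitimate traffic to the real web servers is not a probe.
        if dst_ip in PUBLIC_WEB_SERVERS:
            continue
        key = (day, clock[:2])
        totals[key] += 1
        sources[key].add(src)
        all_sources.add(src)  # a source seen in several hours counts once
    per_hour = {k: (totals[k], len(sources[k])) for k in sorted(totals)}
    return per_hour, (sum(totals.values()), len(all_sources))
```

On the constructed sample the hourly unique counts sum to 4 while the overall unique count is 3, because one source probes in both hours.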

