Re: Code Red Hammering Away

[<michael () aplatform com>]

Hello Etaoin,

On Sat, 4 Aug 2001, Etaoin Shrdlu wrote:

> Yes, it's true, I fixed the attribution. Young whippersnappers!
>
> michael () aplatform com wrote:
> > On Sat, 4 Aug 2001, Lou Katz wrote:
>
> > > My little Class C seems to be getting 3-6 attempts per second to
> > > connect to Port 80 on various IPs at the present time. Is this
> > > about average?
>
> > Its more than what I am getting.  Never the less since this started again
> > im seeing alot more attempts than in July.
>
> I see about 300% more attempts than in July, but close to one-third of
> those do not appear to be code red. They seem to be what I would have
> suspected. People trying to mask attempts under the noise of code red.
> Nonetheless, it is getting annoying enough that I am close to moving all
> the windoze machines off to a private switched network until this is over.

I can see they are "valid" CR attempts..

> No, I'm not afraid of them being compromised, but some of them do seem to
> be getting hit harder than the rest of my computers. What I don't
> understand is why my openbsd laptop attracts so much attention.
>
> Uname -a shows OpenBSD scorpion 2.6 GENERIC#696 i386, hardly an attractive
> target for code red in my book. No, it's not running a web server. The only
> service it actually offers is sshd.
>
> At first it was interesting, then annoying, now it's just boring. Most of
> the non-code red attempts I see are from apnic, for what that's worth.
>
> --
> You've confused equality of opportunity for equality of outcomes,
> and have seriously confused justice with equality.
>                                 -- Woodchuck