-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Just to add some more information, I run a small Apache 1.3.19 webserver
on my home network. Nothing fancy, nothing special. Since about 10am this
morning, I've had 19 Code Red attempts on that server. Correlating this
with the firewall logs, it looks like only about half of the attacks were
part of a contiguous scan. The remainder just targetted the web server. I
also have other one-offs which bounced off of other non-web hosts on my
network. The same sort of data shows up on my external corporate network,
as well as our production network.
In short, it looks like there's two sets of worms out there. One is
scanning large contiguous netblocks in an obvious fashion, the other is
hunting and pecking about random IP addresses.
YMMV, HAND.
- --
"A true friend stabs you in the front."
- Oscar Wilde
-----BEGIN PGP SIGNATURE-----
Comment: For info see http://www.gnupg.org
iD8DBQE7V15N36NTGsm+2Z4RAlnTAJ9VCsZ7riUp3WknpU9q9ny6ynSAtACgzTYc
cB7VrZUUKd6HIDmEXu8D6MU=
=1leB
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 15:51:44 PDT