-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just to add some more information, I run a small Apache 1.3.19 webserver on my home network. Nothing fancy, nothing special. Since about 10am this morning, I've had 19 Code Red attempts on that server. Correlating this with the firewall logs, it looks like only about half of the attacks were part of a contiguous scan. The remainder just targetted the web server. I also have other one-offs which bounced off of other non-web hosts on my network. The same sort of data shows up on my external corporate network, as well as our production network. In short, it looks like there's two sets of worms out there. One is scanning large contiguous netblocks in an obvious fashion, the other is hunting and pecking about random IP addresses. YMMV, HAND. - -- "A true friend stabs you in the front." - Oscar Wilde -----BEGIN PGP SIGNATURE----- Comment: For info see http://www.gnupg.org iD8DBQE7V15N36NTGsm+2Z4RAlnTAJ9VCsZ7riUp3WknpU9q9ny6ynSAtACgzTYc cB7VrZUUKd6HIDmEXu8D6MU= =1leB -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 15:51:44 PDT