RE: 'Code Red' does not seem to be scanning for IIS

From: Duncan Hill (dhillat_private)
Date: Thu Jul 19 2001 - 17:14:47 PDT

    On Thu, 19 Jul 2001, Kelly Martin wrote:
    
    > thousand hits on our IP block in the past six hours or so with none
    > before that, and that doesn't even count the ones that smacked
    > silently against the firewall (port 80 is only open through the
    > firewall to hosts that actually run public web servers, which is
    > only a tiny fraction of the IPs in the block).
    
    Something I've noticed in our Apache logs - 70% of the hits (maybe 20 so
    far) are from cable modem and ADSL-style addresses (according to the dig
    data).  Notably @home and mediaone.
    
    I've attempted to mail some places that their server is infected.  Of 5
    mails sent, 3 bounced as undeliverable to webmaster@domain.  One
    actually routed through two aliases before bouncing!
    
    Oh well, the Apache server is immune, the IIS server is patched, but
    there are no hits in its logs (though there were plenty for the cmd.exe
    exploit).
    
    As a side note, our address block is in the 12.x.x.x range.. perhaps
    AT&T isn't counted as a good target?
    
    -- 
    
    Sapere aude
    My mind not only wanders, it sometimes leaves completely.
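
The tally described in the message above, as an added example that is not part of the original post: it counts Code Red probes (`GET /default.ida?NNN...`) in Apache Common Log Format lines and reports what share of those hits came from broadband hosts. The log lines, addresses, PTR names and the two provider suffixes are constructed assumptions, and reverse DNS is supplied as a dict so the block runs offline.

```python
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')
# Code Red probes request /default.ida with a long run of N filler
# characters at the start of the query string.
PROBE = re.compile(r'^GET /default\.ida\?N{50,}')

# Assumed PTR suffixes for the providers named in the post (@home, mediaone).
BROADBAND_SUFFIXES = (".home.com", ".mediaone.net")

def probe_sources(lines):
    """Return Counter mapping source address -> number of Code Red probes."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line)
        if m and PROBE.match(m.group(2)):
            hits[m.group(1)] += 1
    return hits

def broadband_share(hits, ptr_names):
    """Fraction of probe hits whose source PTR name ends in a broadband suffix."""
    total = sum(hits.values())
    if total == 0:
        return 0.0
    broadband = sum(
        count for ip, count in hits.items()
        if ptr_names.get(ip, "").lower().endswith(BROADBAND_SUFFIXES)
    )
    return broadband / total

# Constructed sample data (documentation address ranges, made-up PTR names).
FILLER = "N" * 224  # padding only; the worm's payload is deliberately omitted
TS = "[19/Jul/2001:16:02:11 -0700]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET /default.ida?{FILLER} HTTP/1.0" 404 205',
    f'192.0.2.10 - - {TS} "GET /default.ida?{FILLER} HTTP/1.0" 404 205',
    f'198.51.100.7 - - {TS} "GET /default.ida?{FILLER} HTTP/1.0" 404 205',
    f'203.0.113.5 - - {TS} "GET /default.ida?{FILLER} HTTP/1.0" 404 205',
    f'203.0.113.9 - - {TS} "GET /index.html HTTP/1.0" 200 1432',
    f'203.0.113.9 - - {TS} "GET /default.ida?id=1 HTTP/1.0" 404 205',
]
PTR = {
    "192.0.2.10": "host10.home.com",
    "198.51.100.7": "host7.mediaone.net",
    "203.0.113.5": "www.example.org",
}

if __name__ == "__main__":
    hits = probe_sources(SAMPLE)
    print(hits, f"broadband share: {broadband_share(hits, PTR):.0%}")
```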
    


