That is not correct (unfortunately). We have servers attacked with URLs other than www.something... -----Original Message----- From: Colby Rice [mailto:criceat_private] Sent: Thursday, July 19, 2001 1:29 PM Cc: incidentsat_private; focus-idsat_private Subject: RE: .ida Intrusion Attempt Has anyone else noticed that it is only hitting www. servers? or am I just lucky? I am getting many many attempts but ONLY on my www.<whatever> servers I DO have servers with port 80 open to the outside world that ARE NOT getting hit. from everything I have read on this worm it is picking its IP's at random and if that is the case then I should have been hit on something OTHER then these (few) www. servers.. (or am I missing something?) CR ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 16:19:25 PDT