HTTP connections

From: Gillard, Paul (paul.gillardat_private)
Date: Thu Jul 19 2001 - 10:22:36 PDT


    In the past hour I've seen a dramatic increase in attempted connections to
    port 80 for all the IPs we own, none of which are web servers. I usually
    get about 1 a day but in the last hour I've had over thirty different IPs
    trying to connect and it looks like it's increasing (examples below).
    
    Has anybody any ideas on why this should increase so suddenly? Maybe
    attempts from "code red" infected machines?
    
    24.14.236.44     aaa.bbb.ccc.73    1130      80            deny   eth0:6
    24.14.236.44     aaa.bbb.ccc.73    1130      80            deny   eth0:6
    24.14.236.44     aaa.bbb.ccc.73    1130      80            deny   eth0:3
    63.107.98.2      aaa.bbb.ccc.70    34296     80            deny   eth0:3
    63.107.98.2      aaa.bbb.ccc.70    34296     80            deny   eth0:3
    63.107.98.2      aaa.bbb.ccc.70    34296     80            deny   eth0:7
    65.42.206.68     aaa.bbb.ccc.74    2193      80            deny   eth0:7
    65.42.206.68     aaa.bbb.ccc.74    2193      80            deny   eth0:7
    65.42.206.68     aaa.bbb.ccc.74    2193      80            deny   eth0
    200.253.169.10   aaa.bbb.ccc.66    21999     80            deny   eth0
    200.253.169.10   aaa.bbb.ccc.66    21999     80            deny   eth0:6
    203.247.201.87   aaa.bbb.ccc.73    3582      80            deny   eth0:6
    203.247.201.87   aaa.bbb.ccc.73    3582      80            deny   eth0:6
    203.247.201.87   aaa.bbb.ccc.73    3582      80            deny   eth0:2
    217.88.174.72    aaa.bbb.ccc.68    3163      80            deny   eth0:2
    217.88.174.72    aaa.bbb.ccc.68    3163      80            deny   eth0:2
    217.88.174.72    aaa.bbb.ccc.68    3163      80            deny   eth0:8
    63.218.145.156   aaa.bbb.ccc.75    2684      80            deny   eth0:8
    63.218.145.156   aaa.bbb.ccc.75    2684      80            deny   eth0:8
    63.218.145.156   aaa.bbb.ccc.75    2684      80            deny   eth0:1
    204.210.242.171  aaa.bbb.ccc.67    1503      80            deny   eth0:1
    204.210.242.171  aaa.bbb.ccc.67    1503      80            deny   eth0:1
    204.210.242.171  aaa.bbb.ccc.67    1503      80            deny   eth0:1   
    
    Paul Gillard
    System Administrator
    RadioScape Ltd.
    +44 (0)20 7317 3414
    paul.gillardat_private
    
    
     
    
    
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
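
An added example, not part of the original post: one way to triage firewall deny records in the column layout quoted in the message, collapsing repeated rows and counting distinct sources per destination port. The sample addresses are constructed from documentation ranges, the baseline of one source is an assumption taken from the "about 1 a day" figure, and treating identical rows as retries of one connection is also an assumption, since the log carries no timestamps.

```python
from collections import defaultdict

# Constructed sample in the post's column layout:
# source, destination, source port, destination port, action, interface.
SAMPLE_LOG = """\
198.51.100.7    192.0.2.73   1130   80   deny   eth0:6
198.51.100.7    192.0.2.73   1130   80   deny   eth0:6
198.51.100.7    192.0.2.73   1130   80   deny   eth0:3
203.0.113.20    192.0.2.70   34296  80   deny   eth0:3
203.0.113.20    192.0.2.70   34296  80   deny   eth0:7
203.0.113.99    192.0.2.66   21999  80   deny   eth0
198.51.100.44   192.0.2.68   4021   25   deny   eth0:2
malformed line
"""


def parse(log_text):
    """Yield (src, dst, sport, dport) for each well-formed deny record."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[4] != "deny":
            continue  # skip blank, truncated or non-deny rows
        src, dst, sport, dport = fields[:4]
        if sport.isdigit() and dport.isdigit():
            yield src, dst, int(sport), int(dport)


def summarize(log_text, port=80, baseline_sources=1):
    """Summarize denied attempts to `port`.

    Rows sharing source, destination and both ports are counted as one
    attempt (assumed here to be retries of the same connection).
    """
    rows = [r for r in parse(log_text) if r[3] == port]
    attempts = set(rows)
    targets = defaultdict(set)  # source -> destinations it tried
    for src, dst, _sport, _dport in attempts:
        targets[src].add(dst)
    return {
        "raw_rows": len(rows),
        "attempts": len(attempts),
        "sources": len(targets),
        "max_targets_per_source": max((len(d) for d in targets.values()), default=0),
        "above_baseline": len(targets) > baseline_sources,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Many sources with `max_targets_per_source` of 1 points to unrelated hosts each probing one address, whereas a single source with many targets would indicate one host sweeping the range.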
    



    This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 16:33:48 PDT