I am seeing port 80 scans on "all" my hosts. BlackICE is going nuts
everywhere, my Apache machines are gleefully logging the default.ida
requests and I am considering blocking port 80 for all but my public www
servers. I probably should do this anyway, but this is getting ridiculous!

**********************************************
Tim Winders, MCSE, CNE, CCNA
Associate Dean of Information Technology
South Plains College
Levelland, TX 79336
Phone: 806-894-9611 x 2369
FAX: 806-894-1549
Email: TWindersat_private
**********************************************

On Thu, 19 Jul 2001, Colby Rice wrote:

> Has anyone else noticed that it is only hitting www. servers? or am I
> just lucky? I am getting many many attempts but ONLY on my
> www.<whatever> servers I DO have servers with port 80 open to the
> outside world that ARE NOT getting hit. from everything I have read on
> this worm it is picking its IP's at random and if that is the case then
> I should have been hit on something OTHER than these (few) www.
> servers..
>
> (or am I missing something?)
>
> CR
>
>
> ----------------------------------------------------------------------------
>
>
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see:
>
> http://aris.securityfocus.com
>
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 20:04:48 PDT