-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I am seeing port 80 scans on "all" my hosts. BlackICE is going nuts
everywhere, my Apache machines are gleefully logging the default.ida
requests and I am consindering blocking port 80 for all but my public www
servers. I probably should do this anyway, but this is getting
ridiculous!
**********************************************
Tim Winders, MCSE, CNE, CCNA
Associate Dean of Information Technology
South Plains College
Levelland, TX 79336
Phone: 806-894-9611 x 2369
FAX: 806-894-1549
Email: TWindersat_private
**********************************************
On Thu, 19 Jul 2001, Colby Rice wrote:
> Has anyone else noticed that it is only hitting www. servers? or am I
> just lucky? I am getting many many attempts but ONLY on my
> www.<whatever> servers I DO have servers with port 80 open to the
> outside world that ARE NOT getting hit. from everything I have read on
> this worm it is picking its IP's at random and if that is the case then
> I should have been hit on something OTHER then these (few) www.
> servers..
>
> (or am I missing something?)
>
> CR
>
>
> ----------------------------------------------------------------------------
>
>
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see:
>
> http://aris.securityfocus.com
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OSF1)
Comment: Made with pgp4pine 1.76
iEYEARECAAYFAjtXcMAACgkQTPuHnIooYbzYtgCfTx5Jo9FnkiqGdJ1BYI9+QtF3
bWkAn1fA88KJfcVci1opL9MHqIkMph89
=Bld0
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:
http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 20:04:48 PDT