Re: My list of default.ida connection attempts

From: Vern Paxson (vernat_private)
Date: Sun Jul 22 2001 - 13:20:31 PDT

Next message: The Death: "RE: CRv2 - Questions"

Previous message: steve: ""datapool is a DoS attacks kit" message"
Next in thread: Jon O .: "Wide-scale Code Red Damage Assessment and Report"
Reply: Jon O .: "Wide-scale Code Red Damage Assessment and Report"
Reply: Vern Paxson: "Re: My list of default.ida connection attempts"
Reply: Jon O .: "Wide-scale Code Red Damage Assessment and Report"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> 	Listed below are the 256 unique hosts who have so far apparently
> attempted to use default.ida to compromise my systems:

There's a list of 19,764 that tried to compromise lbl.gov (which has 
a large cross section, 2 class B's) in

	ftp://ftp.ee.lbl.gov/.vp-code-red-infectees.timestamp.gz

Times in the file are PDT, along with Unix timestamps.

		Vern

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: The Death: "RE: CRv2 - Questions"
Previous message: steve: ""datapool is a DoS attacks kit" message"
Next in thread: Jon O .: "Wide-scale Code Red Damage Assessment and Report"
Reply: Jon O .: "Wide-scale Code Red Damage Assessment and Report"
Reply: Vern Paxson: "Re: My list of default.ida connection attempts"
Reply: Jon O .: "Wide-scale Code Red Damage Assessment and Report"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jul 22 2001 - 13:34:16 PDT