Hi all, I'm starting to see the first infection attempts to systems on the cable modem netblock on my snort IDS at home. (Funny, I can see all the traffic in mij neighbourhood on my cable modem connection, is that normal?) ;-) Some relative info: Snort 1.7 with standard rules, and the CodeRed additional rules. Source Dest #0-(6-107) CodeRed Defacement 2001-08-01 09:44:58 211.205.83.13:2008 212.xxx.xxx.xxx:80 TCP #1-(6-131) CodeRed Defacement 2001-08-01 11:17:50 211.41.180.163:2566 212.xxx.xxx.yyy:80 TCP Time is in GMT +1 and as far I can tell are the sources two closely related Korean hosts And a quick scan with the eEye CodeRed scanner (Thank you quys!!) is telling me that both servers are to be considered vulnerable. Is it starting, or am I just (un)lucky to see a couple??? take care, Coen Bongers Senior Network Engineer Mobiel: 06-2001 7443 E-mail: CoBat_private -----Original Message----- From: Alfred Huger [mailto:ahat_private] Sent: woensdag 1 augustus 2001 3:31 To: incidentsat_private Subject: Code Red, anyone? I realize that most of you have taken shelter and are awaiting the impending demise of the Internet s we know it. However for those of you stalwart bastions of courage who are still manning the ship in the face of this clear and present danger, I have a question. Anyone seeing Code Red activity yet? I just took a poll through our sensors in ARIS and see almost no activity at least none worth commenting on. Anyone else? VP Engineering SecurityFocus.com "Vae Victis" ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 07:38:49 PDT