Well, after emerging from the fallout shelter, I checked my NIDS for three
different companies' subnets. Grand total: 48 instances of CodeRed signature
matches (coincidentally, 16 incidents per site).

<g>Well, thank goodness we brought in a third T1 to handle the stress. </g>

Mike

On Tue, Jul 31, 2001 at 09:31:37PM -0500, Glenn Forbes Fleming Larratt wrote:
> Here at (unnamed-for-policy-reasons academic Class B) we've seen
> exactly one packet matching our Snort rule for IIS exploit attempts of
> the sort that include Code Red (from 195.219.102.44 in .de, FWIW).
>
> We've also examined MRTG graphs of all our network and subnet links,
> paying particular attention to the turnover of 0000 UTC 1 August, and
> have observed no anomalies in traffic flows that would indicate either
> widespread infection or DDoS attempts.
>
> -g
>
> On Tue, 31 Jul 2001, Alfred Huger wrote:
>
> > I realize that most of you have taken shelter and are awaiting the
> > impending demise of the Internet as we know it. However for those of you
> > stalwart bastions of courage who are still manning the ship in the face of
> > this clear and present danger, I have a question. Anyone seeing Code Red
> > activity yet?
> >
> --
> Glenn Forbes Fleming Larratt         The Lab Ratt (not briggs :-)
> glrattat_private                     http://www.io.com/~glratt
> There are imaginary bugs to chase in heaven.
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>

--
Michael Sullenszino     /----------------------------------------\
mikeat_private          || Powered by OpenBSD (www.OpenBSD.org) ||
www.sullenszino.org     || & Debian GNU/Linux (www.debian.org)  ||
206.722.6539            \----------------------------------------/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 08:07:23 PDT