Funny that you mention this. I sent Alfred a quick reply last night (just after he sent out the first Code Red feelers) noting this same kind of activity. Our /24 hasn't seen a single Code Red scan yet, but Snort has been flagging directory traversal and CGI probes since about 9PM last night. I can't wait until high school is back in session and this nonsense takes a back seat... Keith >Agreed. I'm seeing a sharp increase in HEAD queries, HTTP relay >attempts, formmail probes, as well as a whole assortment of HTTP type >probing in general. I have seen 9 confirmed Code Red traces, >but this is >almost background noise to the amount of TCP/80 traffic that has kicked >up since early this morning. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 09:25:58 PDT