Re: http://www.worm.com/default.ida? requests

From: Robin Stevens (robin.stevens@computing-services.oxford.ac.uk)
Date: Wed Aug 01 2001 - 11:07:21 PDT


    On Wed, Aug 01, 2001 at 04:36:18PM +0100, Sean Kelly wrote:
    > My webcache is having a massive amount of requests for
    > http://www.worm.com/default.ida?.  Is this an infected machine trying to
    > scan, or is this a scanner trying to detect compromised hosts?
    
    On the last round, the hosts trying to access it matched almost exactly
    those found to be vulnerable to Code Red.  One host managed 46 million
    requests over a 30 hour period.
    
    Once again we've got hosts hammering away at the cache with requests for
    that URL, and some admins not taking them offline when asked.  *sigh*  
    
    -- 
    --------------- Robin Stevens  <robin.stevensat_private> -----------------
    Oxford University Computing Services ----------- Web: http://www.cynic.org.uk/
    ------- (+44)(0)1865: 273212 (work) 273275 (fax)  Mobile: 07776 235326 -------
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    


