Here is just a little number of what are web hosting boxs gets hit with. We have 3 class C ips setup per box. Back on July 19 i checked the access_logs for the code worm we where hit over 16,000 in 3 days We have 2 web server boxs that both were hit over 16,000 times back on the 19th. Today i checked i got a number of Web1 3228 times and growing as i type this. Web2 has not even been hit yet. Ralph Gervolino Systems Administrator Datapeer, Inc. web: http://www.datapeer.com/ email: rgervolinoat_private -----Original Message----- From: Ed Miles [mailto:emilesat_private] Sent: Wednesday, August 01, 2001 2:03 PM To: incidentsat_private Subject: code red scans -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [crash@xxxxxxxx]:log# grep default.ida httpd.log|wc -l 26 xxxxx log/httpd# grep default.ida access_log|wc -l 21 47 total attempts on 2 systems (would probably be interesting to monitor the windows systems on this small dsl network as well..) -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBO2hDHtPcMs7Gb31tEQKqoQCgyhhBMm0N4Rv1IvILa4JZctHYKzsAmgON A06giglZzPcArmOvlYwiIfOJ =A4KZ -----END PGP SIGNATURE----- ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 12:15:50 PDT