Hi, Found a few new ones in my logfiles.. Used grep.. What really is interesting is this: e0.filt2.davidson.tn.ena.net - - [01/Aug/2001:22:47:12 +0200] e0.filt2.davidson.tn.ena.net - - [01/Aug/2001:22:48:07 +0200] It tried two times from the same IP to the same IP.. Did the first request timeout?? is it a mutant.. dunno.. it is a fact that the same IP tried it twice.. within less then one minute. I'll keep the original logfiles.. just in case.. Any other double below is caused by the fact that this box contains multiple IP's.. I don't think any double would appear.. 34.mudd.nyrk.nycenycp.dsl.att.net - - [01/Aug/2001:20:07:15 +0200] wrkstn132.prgx.com - - [01/Aug/2001:20:14:17 +0200] 208.35.235.249 - - [01/Aug/2001:20:18:01 +0200] 213.82.235.2 - - [01/Aug/2001:22:25:09 +0200] 213.235.189.20 - - [01/Aug/2001:20:41:38 +0200] g076185.ap.plala.or.jp - - [01/Aug/2001:22:22:18 +0200] w078.z066088058.chi-il.dsl.cnc.net - - [01/Aug/2001:23:19:18 +0200] host213-123-198-162.in-addr.btopenworld.com - - [01/Aug/2001:20:19:19 +0200] 203.230.107.32 - - [01/Aug/2001:21:14:06 +0200] 211.40.227.165 - - [01/Aug/2001:19:49:05 +0200] 211.62.74.3 - - [01/Aug/2001:20:55:12 +0200] 159.226.99.170 - - [01/Aug/2001:21:32:09 +0200] 146.105.80.55 - - [01/Aug/2001:21:34:32 +0200] 66.7.0.247 - - [01/Aug/2001:21:47:36 +0200] 207.51.33.6 - - [01/Aug/2001:22:24:26 +0200] adsl-64-123-199-162.dsl.hstntx.swbell.net techimag.demon.co.uk - - [01/Aug/2001:22:39:37 +0200] pc065018.yeungnam.ac.kr - - [01/Aug/2001:23:44:52 +0200] ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 18:26:01 PDT