On Sun, 5 Aug 2001, John Davidson wrote: > My W2k IIS logs show 3 CRv2 scans from the same source IP within the same > minute. Here everytime I get scanned, my Apache logs are showing a double hit. Snort is also logging the two back-to-back attempts. Another weird bit is that some hosts are hitting me again as quickly as 45 minutes. I wonder if some people are running injectors(c). I've also noticed that I'm getting hit by different hosts about every 2 mintutes. I wonder if we have hit a saturation point. Anyone thought about the total time for this to have statistically scanned the entire IP address space? Someone out there has to be a statistician.. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Aug 05 2001 - 20:40:17 PDT