Yep, the DNS scans are definitely picking back up again. Code Red or some variant seems to have woken back up in the last 12 hours or so as well, plus I just saw this one: xxx.xxx.xxx.xxx - - [30/Aug/2001:10:04:34 -0700] "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.1" 400 It's happened more than once, and it's coming from the same IP that's also doing the normal code red thing. John On Thu, Aug 30, 2001 at 09:47:47AM -0400, Keith.Morgan wrote: > Is anyone else seeing a resurgence of DNS scans? Or, for the past month+ > have we just been dodging the bullet. DNS has been really quiet on our > networks for the past couple of months, but over the past two days, we've > seen a 90% increase. New worm? Kids back at school? Just a fluke? > > Keith T. Morgan > Chief of Information Security > Terradon Communications > keith.morganat_private > 304-755-8291 x142 > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Sep 01 2001 - 10:43:44 PDT