I run a TINY setup - grand total of 3 IPs on 64.* and I'm getting hammered. Since 1PM EST (cable cut this morning :( ), we've seen almost 4,400 cmd.exe and 4,300 multiple decode IIS probes and the rate is fairly constant even in the last hour (8-9PM EST) We're seeing hits from about 400 unique IPs so far. So even on a REALLY small network the amount of probes is impressive. Mike Sevo Stille wrote: > David Kennedy CISSP wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> I started getting hit @ 13:09:55 UTC this morning. My sensor have >> not been touched since 19:15:10 UTC this afternoon. > > > > Well, in the 212 netblock it is still going on, even though the rate has > been approximately halving every hour for the last two hours. The last > hit so far was at 23:48:31 UTC. Originally, about 10% came from all over > the /8 I'm in, but for the last hour, it has been all from my /16. > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 20:06:32 PDT