A clear majority of the /default.ida GET requests I see are from the class B /16 and a noticeable amount from the /8 range as well. This fits all the activity I've seen from the very onset of the CR II & D outbreaks.

Rob

-----Original Message-----
From: Fred Cohen
To: incidentsat_private
Sent: 9/27/01 9:04 PM
Subject: Lots and lots of DNS lookups and increased number of /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX...s

I seem to be seeing very large numbers of DNS lookups and lots of apparent /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX... lookups from my class B as of the last hour or so. Anyone else?

FC

--This communication is confidential to the parties it is intended to serve--
Fred Cohen      Fred Cohen & Associates.........tel/fax:925-454-0171
fcat_private    The University of New Haven.....http://www.unhca.com/
http://all.net/ Sandia National Laboratories....tel:925-294-2087

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
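
One way to measure the source distribution described in this thread, added here as an example and not code from either poster: it counts /default.ida GET requests in a web server access log by whether the source shares the sensor's /16 or /8. The Common Log Format layout, the sensor address and every log line below are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed Common Log Format: client first, request line in double quotes.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*"')

def locality(src, sensor):
    """Bucket a source by the longest classful prefix it shares with the sensor."""
    src_ip = ipaddress.ip_address(src)  # raises ValueError for hostnames
    for label, prefix in (("same /16", 16), ("same /8", 8)):
        if src_ip in ipaddress.ip_network(f"{sensor}/{prefix}", strict=False):
            return label
    return "other"

def ida_probe_sources(lines, sensor):
    """Count /default.ida GET requests per locality bucket."""
    counts = Counter()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a parseable access-log line
        src, method, path = m.groups()
        if method != "GET" or not path.lower().startswith("/default.ida"):
            continue  # ordinary traffic, not the probe discussed here
        try:
            counts[locality(src, sensor)] += 1
        except ValueError:
            counts["unresolved"] += 1  # log recorded a hostname, not an address
    return counts

# Constructed sample data (hypothetical sensor address and log lines).
SENSOR = "10.20.30.40"
TS = "[27/Sep/2001:20:01:11 -0700]"
PROBE = '"GET /default.ida?XXXXXXXX HTTP/1.0" 404 205'
SAMPLE_LOG = [
    f"10.20.7.9 - - {TS} {PROBE}",
    f"10.20.200.3 - - {TS} {PROBE}",
    f"10.20.51.77 - - {TS} {PROBE}",
    f"10.99.1.2 - - {TS} {PROBE}",
    f"192.0.2.15 - - {TS} {PROBE}",
    f"scanner.example.net - - {TS} {PROBE}",
    f'10.20.7.9 - - {TS} "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for bucket, n in ida_probe_sources(SAMPLE_LOG, SENSOR).most_common():
        print(f"{bucket:12} {n}")
```
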
This archive was generated by hypermail 2b30 : Fri Sep 28 2001 - 11:20:29 PDT