just as a thought , it must depend on what network your in , whereas I am in the 65.69 network, i recieve constant hits from infected nimda victims, but, i only received 5 hits since 8 Dec of the code red. just food for thought... cory On Sunday 09 December 2001 04:33 pm, Russell Fulton wrote: > HI All, > Has anyone else noticed that code red has bounced back very > quickly this month after its sleep period. In past months snort has > not seen CodeRed attacks until 9th or 10th, this month I started seeing > them on the 2nd and by the 4th they had overtaken nimda and now they > have overtaken lastmonths peak with 9 days to go. > > I also keep an eye on how many systems are probing us on port 80, this > jumped from about 800 unique source addresses per hour on Nov 30 to > nearly 3000 this morning. > > Any ideas what has changed? > > Russell Fulton, Computer and Network Security Officer > The University of Auckland, New Zealand > > > --------------------------------------------------------------------------- >- This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Dec 10 2001 - 09:44:40 PST