Re: CodeRed back with with a vengence this month!

From: zeno (bugtraqat_private)
Date: Mon Dec 10 2001 - 08:19:29 PST

Next message: Schroeder, Eric: "RE: Voluminous SSHd scanning; possible worm activity?"

Previous message: Neil Dickey: "Re: Voluminous SSHd scanning; possible worm activity?"
In reply to: Russell Fulton: "CodeRed back with with a vengence this month!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hey,

> quickly this month after its sleep period.  In past months snort has 
> not seen CodeRed attacks until 9th or 10th, this month I started seeing 

I saw a couple log entries but they where from the 8th nothing on the day
you speak of. .


> jumped from about 800 unique source addresses per hour on Nov 30 to 
> nearly 3000 this morning.

damn if it helps I haven't seen this much traffic maybe a new worm version that
starts on 1.x.x.x and adds one? What subnet you on? I'm on 199.x.x.x and seen
almost nothing.

- zenomorph


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Schroeder, Eric: "RE: Voluminous SSHd scanning; possible worm activity?"
Previous message: Neil Dickey: "Re: Voluminous SSHd scanning; possible worm activity?"
In reply to: Russell Fulton: "CodeRed back with with a vengence this month!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Dec 10 2001 - 11:44:18 PST