Bugtraq mailing list archives

"Code Red" worm


From: Sam Spade <samspade () optonline net>
Date: Thu, 19 Jul 2001 23:50:53 -0400

I guess I'm pretty lucky because ZoneAlarm has only given me about 35 alerts
today on attempts for port 80.  The interesting thing is the ports they are
coming from though.  I think that the port number deals directly to how
many times the machine has been infected and what thread is scanning you.

FWIN,2001/07/19,14:26:15 -4:00 GMT,64.34.49.117:39177,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,15:25:59 -4:00 GMT,148.202.102.7:1312,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,15:29:12 -4:00 GMT,207.193.68.34:2414,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,17:24:22 -4:00 GMT,169.207.32.178:1468,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,17:30:18 -4:00 GMT,172.152.200.119:3997,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,17:47:36 -4:00 GMT,64.30.0.244:4896,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,18:06:53 -4:00 GMT,208.27.168.17:2435,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,18:08:40 -4:00 GMT,64.209.28.21:50823,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,19:09:53 -4:00 GMT,200.54.190.233:2089,24.45.194.223:80,TCP (flags:S)
FWIN,2001/07/19,19:10:03 -4:00 GMT,141.222.1.32:2389,24.45.194.223:80,TCP (flags:S)

As you can see, no repeat offenders.  The scanning ports do look strange
though.  High ports mean high infection rate?

SamSpade
------------------
zebulun () cyberarmy com
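
An added example, not part of the original post: a parser for firewall log lines in the format quoted above that rejoins the e-mail-wrapped "(flags:S)" continuations and tallies port-80 SYNs per source, so the "no repeat offenders" observation and the source-port spread can be checked on a longer log. The sample lines are constructed with documentation addresses, and reading "-4:00 GMT" as a UTC offset is an assumption.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample in the format of the log lines above (documentation
# addresses, not real hosts); wrapped "(flags:S)" lines mimic e-mail wrapping.
SAMPLE = """\
FWIN,2001/07/19,14:26:15 -4:00 GMT,192.0.2.10:39177,198.51.100.5:80,TCP
(flags:S)
FWIN,2001/07/19,15:25:59 -4:00 GMT,192.0.2.20:1312,198.51.100.5:80,TCP
(flags:S)
FWIN,2001/07/19,15:29:12 -4:00 GMT,192.0.2.10:2414,198.51.100.5:80,TCP (flags:S)
FWIN,2001/07/19,16:00:00 -4:00 GMT,192.0.2.30:137,198.51.100.5:137,UDP
"""

# Assumption: "-4:00 GMT" is the logging host's offset from GMT.
LINE = re.compile(
    r"FWIN,(\d{4}/\d\d/\d\d),(\d\d:\d\d:\d\d) ([+-])(\d+):(\d\d) GMT,"
    r"([\d.]+):(\d+),([\d.]+):(\d+),(\w+)(?: \(flags:(\w+)\))?$")

def parse(text):
    """Yield one dict per FWIN record, rejoining wrapped continuation lines."""
    joined = []
    for raw in text.splitlines():
        if raw.startswith("(") and joined:
            joined[-1] += " " + raw.strip()   # continuation of previous record
        elif raw.strip():
            joined.append(raw.strip())
    for line in joined:
        m = LINE.match(line)
        if not m:
            continue                           # not an FWIN record; skip it
        date, clock, sign, hh, mm, src, sport, dst, dport, proto, flags = m.groups()
        offset = timedelta(hours=int(hh), minutes=int(mm)) * (1 if sign == "+" else -1)
        when = datetime.strptime(f"{date} {clock}", "%Y/%m/%d %H:%M:%S")
        yield {"time": when.replace(tzinfo=timezone(offset)), "src": src,
               "sport": int(sport), "dst": dst, "dport": int(dport),
               "proto": proto, "flags": flags}

def summarize(text, port=80):
    """Inbound TCP SYNs to `port`: repeat sources and source-port spread."""
    syns = [r for r in parse(text)
            if r["proto"] == "TCP" and r["flags"] == "S" and r["dport"] == port]
    per_src = Counter(r["src"] for r in syns)
    return {"syns": len(syns),
            "unique_sources": len(per_src),
            "repeat_sources": sorted(s for s, n in per_src.items() if n > 1),
            "source_ports": sorted(r["sport"] for r in syns)}
```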

