Security Incidents mailing list archives
Re: CodeRed Activity
From: "Portnoy, Gary" <gportnoy () belenosinc com>
Date: Wed, 1 Aug 2001 13:55:38 -0400
Greetings,

Looking at my firewall logs. There are about 50 hosts behind the firewall. Only a handful are listening on port 80. The following are the SYN's to hosts that are not listening on port 80. I usually get a few a day, today there is a tremendous increase. I attribute that to CodeRed, but I guess I can't be 100% sure (as Al and the like have pointed out), though I am highly inclined to believe it so....

Times are in EDT (GMT -4):

Time          Connection attempts
------------------------------------------------------
4-5 am        1
5-6 am        1
6-7 am        2
7-8 am        3
8-9 am        4
9-10 am       7
10-11 am      12
11-12 am      13
12-1 pm       21
1-1:40 pm     24

In addition, from Snort logs there are 16 confirmed CodeRed attempts to the hosts that are listening on port 80...

HTH,
-Gary-

Gary Portnoy
Network Administrator
gportnoy () belenosinc com
PGP Fingerprint: 9D69 6A39 642D 78FD 207C 307D B37D E01A 2E89 9D2C

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
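The hourly tally described in the message above, as an added example that is not part of the original post: it counts port-80 SYNs sent to internal hosts that run no web server and flags hours well above the usual rate. The log line format, the addresses (documentation ranges), the `WEB_SERVERS` inventory and the function names are all assumptions made for this sketch.

```python
"""Hourly count of inbound port-80 SYNs aimed at hosts that run no web server."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in an assumed firewall log format (not from the post).
SAMPLE_LOG = """\
2001-08-01T09:12:41 SYN src=198.51.100.7 dst=192.0.2.10 dport=80
2001-08-01T09:47:03 SYN src=203.0.113.9 dst=192.0.2.21 dport=80
2001-08-01T10:05:19 SYN src=198.51.100.7 dst=192.0.2.21 dport=80
2001-08-01T10:05:20 SYN src=198.51.100.7 dst=192.0.2.22 dport=80
2001-08-01T10:31:55 SYN src=203.0.113.44 dst=192.0.2.22 dport=25
2001-08-01T10:58:02 ACK src=203.0.113.44 dst=192.0.2.21 dport=80
garbled line that must be skipped
2001-08-01T11:20:00 SYN src=203.0.113.80 dst=192.0.2.23 dport=80
"""

# Assumed inventory: the handful of internal hosts that do listen on port 80.
WEB_SERVERS = {"192.0.2.10"}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?P<flags>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def unsolicited_web_syns(log_text, listeners):
    """Return (per-hour Counter, per-source Counter) for port-80 SYNs to non-listeners."""
    per_hour, per_source = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        if m["flags"] != "SYN" or m["dport"] != "80" or m["dst"] in listeners:
            continue  # only connection attempts to port 80 on hosts with no web server
        hour = datetime.fromisoformat(m["ts"]).strftime("%Y-%m-%d %H:00")
        per_hour[hour] += 1
        per_source[m["src"]] += 1
    return per_hour, per_source

def spikes(per_hour, baseline_per_hour, factor=3):
    """Hours whose count is at least `factor` times the usual hourly rate."""
    return sorted(h for h, n in per_hour.items() if n >= factor * baseline_per_hour)

if __name__ == "__main__":
    hourly, sources = unsolicited_web_syns(SAMPLE_LOG, WEB_SERVERS)
    for hour in sorted(hourly):
        print(hour, hourly[hour])
    print("top sources:", sources.most_common(3))
```

Traffic to the real web servers is excluded here on purpose; confirming worm requests against those hosts needs payload inspection, which the message attributes to Snort.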