Re: Antwort: The new Code Alert

["J. C. Woods" <drjung () sprynet com>]

ks () schuricht de wrote:
> Hi Anthony,
>
> > It seems the code alert 2 becomes crasy here
> > (Los angeles) I keep receiving 1 alert / 2 minutes
> > of a new attack. (web dir, web command attempt.)
>
> In Bremen/Germany the same :) The logfile from yesterday is about
> 4.7 MB of size...in the meantime our firewalls have blocked traffic
> from round about 1800 hosts that seems to be infected...
>
> Hope we can stop this 'tcpspam' :)
>
> Best regards,
>   Kai.

> It seems the code alert 2 becomes crasy here
> (Los angeles) I keep receiving 1 alert / 2 minutes
> of a new attack. (web dir, web command attempt.)
>
> -----Original Message-----
> From: Migus, Adam [mailto:Adam_Migus () NAI com]
> Sent: Monday, August 06, 2001 1:38 PM
> To: 'snort-users () lists sourceforge net'
> Subject: [Snort-users] Definitive Code Red rule
>
> Ok so there's a thousand emails going around about the Code Red Worm.  So
> what is the definitive rule/signature for snort 1.7 and 1.8 that people are
> using?
>
> Adam


Yea, just to check in from Dallas, TX, it is crazy here too. I am
rotating logs daily, something I usually do weekly, and they are still
reaching 5mgs before I rotate. Yes, your description fits nicely,
"tcpspam". And, hell, I don't even run IIS, and would not if Gates paid
me to do so.....

Weathering the storm,
drjung
-- 
J. Craig Woods
UNIX SA

-Art is the illusion of spontaneity-

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users