Snort mailing list archives
RE: OT: Oddity with CRII
From: "Mark Spieth" <mspieth () shellserve net>
Date: Tue, 7 Aug 2001 11:12:18 -0400
Erek,

We monitor some 70 firewalls and see the same thing, some servers are hit repeatedly and some only once in a while. The worm is random as to the IP addresses it chooses to hit.

For more information about the worm look at
http://aris.securityfocus.com/alerts/codered2/010805-Analysis-CodeRedII.pdf

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Erek Adams
Sent: Tuesday, August 07, 2001 10:53 AM
To: Snorters Anonymous
Subject: [Snort-users] OT: Oddity with CRII

Ok, snort got updated and restarted yesterday at 14:06 (-8:00 PST). Since then I've seen quite a bit of CRII traffic, but with one oddity.

There are two boxes here with web servers on them. One has been hit 5 times since the restart. The other: 143 times. Now both boxes are _not_ Windows based, both are running the same version of Apache/PHP.

Anyone have any ideas about _why_ the different amount of attacks?

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- OT: Oddity with CRII Erek Adams (Aug 07)
- RE: OT: Oddity with CRII Mark Spieth (Aug 07)
- RE: OT: Oddity with CRII Erek Adams (Aug 07)
- RE: OT: Oddity with CRII Ryan Russell (Aug 07)
- RE: OT: Oddity with CRII Mark Spieth (Aug 07)