RE: 'Code Red' does not seem to be scanning for IIS
From: Emre Yildirim (emre@vsrc.uab.edu)Date: 07/20/01
- Previous message: Harris, Michael C.: "Re: Two birds with one worm."
- In reply to: Marc Maiffret: "RE: 'Code Red' does not seem to be scanning for IIS"
- Next in thread: Kelly Martin: "RE: 'Code Red' does not seem to be scanning for IIS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <1274.138.26.156.240.995587211.squirrel@www.vsrc.uab.edu> Date: Thu, 19 Jul 2001 19:00:11 -0500 (CDT) Subject: RE: 'Code Red' does not seem to be scanning for IIS From: "Emre Yildirim" <emre@vsrc.uab.edu> To: <bugtraq@securityfocus.com>
> the worm just tries port 80 on ip's. doesnt care if its IIS or not.
This is weird. I just checked the www logs of one of our webservers, and
found about 144 hits in a 5 hours time span. There seems to be no pattern
either; the IPs are all random (although there were a lot of .cn and .tw
as wellas DSL hosts). One thing I've noticed is that the hits only appear at
certaintimes. I.e. from 15:25 to 15:31 we got about 27 hits, and there are some
other noticable times like 16:50 to 17:15. Maybe it's just a coincidence.
-- emre@unix.us.eu.org(PS: Perhaps this should be posted to incidents@)
- Previous message: Harris, Michael C.: "Re: Two birds with one worm."
- In reply to: Marc Maiffret: "RE: 'Code Red' does not seem to be scanning for IIS"
- Next in thread: Kelly Martin: "RE: 'Code Red' does not seem to be scanning for IIS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
