Re: Code Red and other anomalous activity from 1433

From: Thomas Cannon (tcannon@noops.org)
Date: 07/11/02


Date: Thu, 11 Jul 2002 13:00:15 -0700 (PDT)
From: Thomas Cannon <tcannon@noops.org>
To: Curley Mr Eric P <CurleyEP@NOC.USMC.MIL>

On Thu, 11 Jul 2002, Curley Mr Eric P wrote:

> Has anybody else been getting slammed by Code Red activity today? It seems
> to be coming from mostly Asian blocks but there are some other blocks
> thrown in there as well. Then again it could all be spoofed and could be
> coming from the 12 year old down the street..Thrown into all this traffic
> I'm also seeing a lot of Dest ports with 1433; Possibly that SQL stuff that
> happened last month..anywho, just wanted to know if anybody else was
> experiencing this.
>
> Cheers,
> Eric

I haven't noticed anything unusual myself today, but a quick look at the
Internet Storm Center seems to indicate that port 80 is being pretty
heaving attacked. That might be folks going after the apache
chunked-encoding issue, though:

http://www.dshield.org/

-thomas

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com