RE: Increased IIS scans mainly on 66.0.0.0/8 - Update
From: Richard Gilman (Richard.Gilman@ntn.com)
Date: 08/19/02
Date: Mon, 19 Aug 2002 08:19:12 -0700
From: "Richard Gilman" <Richard.Gilman@ntn.com>
To: <incidents@securityfocus.com>

I did a query of the WEB-IIS cmd.exe access alerts for 8/15 on our
66.0.0.0/8 network and I see 31 sources each send in multiples of 13
attempts. Of the 31 hosts, 3 sources were not from 66/8. One of those
was from wanadoo.fr with 130 hits. The hits can come as fast as 2 per
second, so I assume that it has to be scripted. This is only an
annoyance and does not do anything more than make noise in my logs, but
I think it is some sort of worm because of the fact they all send in
multiples of 13 and it seems that the odds of having 31 script kiddies
running the same script against our site in the same day is fairly low
and over a month we have 448 different sources doing the same thing.
Just an observation if you are interested.
Rich
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
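
The per-source tally described in the message, as an added example that is not part of the original post or the poster's own tooling. The record layout (timestamp, source, signature) and all sample addresses and counts are constructed for illustration; only the alert name, the 66.0.0.0/8 network, the burst size of 13 and the 2-per-second rate come from the post.

```python
import ipaddress
from collections import Counter, defaultdict

BURST = 13                                   # burst size reported in the post
NET = ipaddress.ip_network("66.0.0.0/8")     # network named in the post
SIGNATURE = "WEB-IIS cmd.exe access"         # alert name from the post

def build_sample():
    """Constructed alert records (timestamp, source, signature); not real data."""
    rows = []
    sources = [("66.10.20.30", 13), ("66.200.1.9", 26),
               ("192.0.2.77", 130), ("66.5.5.5", 4)]
    for src, hits in sources:
        for i in range(hits):
            s = i // 2  # two hits per second, the peak rate mentioned in the post
            rows.append((f"2002-08-15 10:{s // 60:02d}:{s % 60:02d}", src, SIGNATURE))
    # An unrelated alert that the signature filter must ignore.
    rows.append(("2002-08-15 10:00:00", "66.10.20.30", "OTHER alert"))
    return rows

def summarize(rows, signature=SIGNATURE, burst=BURST, net=NET):
    """Per source: hit count, number of whole bursts (None if the count is
    not an exact multiple), membership in the network, peak hits per second."""
    counts = Counter()
    per_second = defaultdict(Counter)
    for ts, src, sig in rows:
        if sig != signature:
            continue
        counts[src] += 1
        per_second[src][ts] += 1
    return {
        src: {
            "hits": n,
            "bursts": n // burst if n % burst == 0 else None,
            "in_net": ipaddress.ip_address(src) in net,
            "peak_per_sec": max(per_second[src].values()),
        }
        for src, n in counts.items()
    }

def burst_sources(report):
    """Sources whose total is an exact multiple of the burst size."""
    return sorted(s for s, r in report.items() if r["bursts"] is not None)

if __name__ == "__main__":
    rep = summarize(build_sample())
    for src in sorted(rep):
        print(src, rep[src])
    print("multiple-of-13 sources:", burst_sources(rep))
```

A source that happens to send a multiple of 13 by chance will also be flagged, so the count is a grouping aid across many sources rather than proof for any single one.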