Funny that you mention this. I sent Alfred a quick reply last night (just
after he sent out the first Code Red feelers) noting this same kind of
activity. Our /24 hasn't seen a single Code Red scan yet, but Snort has
been flagging directory traversal and CGI probes since about 9PM last night.
I can't wait until high school is back in session and this nonsense takes a
back seat...
Keith
>Agreed. I'm seeing a sharp increase in HEAD queries, HTTP relay
>attempts, formmail probes, as well as a whole assortment of HTTP type
>probing in general. I have seen 9 confirmed Code Red traces, but this is
>almost background noise to the amount of TCP/80 traffic that has kicked
>up since early this morning.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Aug 01 2001