Security Incidents: Re: CodeRed Activity

Re: CodeRed Activity

From: Portnoy, Gary <gportnoy_at_belenosinc.com>
Date: Wed, 1 Aug 2001 13:55:38 -0400

Greetings,

Looking at my firewall logs. There are about 50 hosts behind the firewall.
Only a handful are listening on port 80. The following are the SYNs to
hosts that are not listening on port 80. I usually get a few a day, today
there is a tremendous increase. I attribute that to CodeRed, but I guess I
can't be 100% sure (as Al and the like have pointed out), though I am highly
inclined to believe it so....

Times are in EDT (GMT -4):

Time          Connection attempts
------------------------------------------------------
4-5 am        1
5-6 am        1
6-7 am        2
7-8 am        3
8-9 am        4
9-10 am       7
10-11 am      12
11-12 am      13
12-1 pm       21
1-1:40 pm     24

In addition, from Snort logs there are 16 confirmed CodeRed attempts to the
hosts that are listening on port 80...

HTH,
-Gary-

Gary Portnoy
Network Administrator
gportnoy_at_belenosinc.com

PGP Fingerprint: 9D69 6A39 642D 78FD 207C 307D B37D E01A 2E89 9D2C

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Aug 01 2001
