Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: http://www.worm.com/default.ida? requests

Re: http://www.worm.com/default.ida? requests

From: Robin Stevens <robin.stevens_at_computing-services.oxford.ac.uk>
Date: Wed, 1 Aug 2001 19:07:21 +0100

On Wed, Aug 01, 2001 at 04:36:18PM +0100, Sean Kelly wrote:
> My webcache is having a massive ammount of requests for
> http://www.worm.com/default.ida?. Is this an infected machine trying to
> scan, or is this a scanner trying to detect compromised hosts?

On the last round, the hosts trying to access it matched almost exactly
those found to be vulnerable to Code Red. One host managed 46 million
requests over a 30 hour period.

Once again we've got hosts hammering away at the cache with requests for
that URL, and some admins not taking them offline when asked. *sigh* 

-- 
--------------- Robin Stevens  <robin.stevens_at_oucs.ox.ac.uk> -----------------
Oxford University Computing Services ----------- Web: http://www.cynic.org.uk/
------- (+44)(0)1865: 273212 (work) 273275 (fax)  Mobile: 07776 235326 -------
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Received on Aug 01 2001
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos