Re: CRv2 multiple scans from same source IP

[Chris Freeze <cfreeze () cfreeze com>]

On Sun, 5 Aug 2001, John Davidson wrote:

> My W2k IIS logs show 3 CRv2 scans from the same source IP within the same
> minute.

Here everytime I get scanned, my Apache logs are showing a double hit.
Snort is also logging the two back-to-back attempts.  Another weird bit is
that some hosts are hitting me again as quickly as 45 minutes. I wonder if
some people are running injectors(c).  I've also noticed that I'm getting
hit by different hosts about every 2 mintutes.  I wonder if we have hit a
saturation point. Anyone thought about the total time for this to have
statistically scanned the entire IP address space?  Someone out there has
to be a statistician..



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com