Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

HTTP connections

From: "Gillard, Paul" <paul.gillard () radioscape com>
Date: Thu, 19 Jul 2001 18:22:36 +0100

In the past hour I've seen a dramatic increase in attempted connection to
port 80 for all the IP's we own, none of which are web servers. I usually
get about 1 a day but in the last hour I've had over thirty different IP's
trying to connect and it looks like it's increasing (examples below).

Has anybody any ideas on why this should increase so suddenly? Maybe
attempts from "code red" infected machines?

24.14.236.44     aaa.bbb.ccc.73    1130      80            deny   eth0:6
24.14.236.44     aaa.bbb.ccc.73    1130      80            deny   eth0:6
24.14.236.44     aaa.bbb.ccc.73    1130      80            deny   eth0:3
63.107.98.2      aaa.bbb.ccc.70    34296     80            deny   eth0:3
63.107.98.2      aaa.bbb.ccc.70    34296     80            deny   eth0:3
63.107.98.2      aaa.bbb.ccc.70    34296     80            deny   eth0:7
65.42.206.68     aaa.bbb.ccc.74    2193      80            deny   eth0:7
65.42.206.68     aaa.bbb.ccc.74    2193      80            deny   eth0:7
65.42.206.68     aaa.bbb.ccc.74    2193      80            deny   eth0
200.253.169.10   aaa.bbb.ccc.66    21999     80            deny   eth0
200.253.169.10   aaa.bbb.ccc.66    21999     80            deny   eth0:6
203.247.201.87   aaa.bbb.ccc.73    3582      80            deny   eth0:6
203.247.201.87   aaa.bbb.ccc.73    3582      80            deny   eth0:6
203.247.201.87   aaa.bbb.ccc.73    3582      80            deny   eth0:2
217.88.174.72    aaa.bbb.ccc.68    3163      80            deny   eth0:2
217.88.174.72    aaa.bbb.ccc.68    3163      80            deny   eth0:2
217.88.174.72    aaa.bbb.ccc.68    3163      80            deny   eth0:8
63.218.145.156   aaa.bbb.ccc.75    2684      80            deny   eth0:8
63.218.145.156   aaa.bbb.ccc.75    2684      80            deny   eth0:8
63.218.145.156   aaa.bbb.ccc.75    2684      80            deny   eth0:1
204.210.242.171  aaa.bbb.ccc.67    1503      80            deny   eth0:1
204.210.242.171  aaa.bbb.ccc.67    1503      80            deny   eth0:1
204.210.242.171  aaa.bbb.ccc.67    1503      80            deny   eth0:1   

Paul Gillard
System Administrator
RadioScape Ltd.
+44 (0)20 7317 3414
paul.gillard () radioscape com


 


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
postmaster () radioscape com.

This footnote also confirms that this email message has been scanned
for the presence of computer viruses known at the time of sending.

www.radioscape.com
**********************************************************************


----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: