RE: Lots and lots of DNS lookups and increased number of /default .ida?XXXXXXXXXXXXXXXXXXXXXXXX...s

["Kinsey, Robert" <Robert.Kinsey () Veridian com>]

A clear majority of the /default.ida GET requests I see are from the class B
/16 and a noticable amount from the /8 range as well.  This fits all the
activity I've seen from the very onset of the CR II & D outbreaks.

Rob 

-----Original Message-----
From: Fred Cohen
To: incidents () securityfocus com
Sent: 9/27/01 9:04 PM
Subject: Lots and lots of DNS lookups and increased number of
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXX...s

I seem to be seeing very large numbers of DNS lookups and lots of
apparent /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX...  lookups from my class
B as of the last hour or so. 

Anyone else?

FC
--This communication is confidential to the parties it is intended to
serve--
Fred Cohen              Fred Cohen &
Associates.........tel/fax:925-454-0171
fc () all net           The University of New
Haven.....http://www.unhca.com/
http://all.net/         Sandia National Laboratories....tel:925-294-2087


------------------------------------------------------------------------
----
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com