nanog mailing list archives
Re: Code Red Hammering Away
From: Simon Lyall <simon.lyall () ihug co nz>
Date: Sun, 5 Aug 2001 09:10:19 +1200 (NZST)
On Sat, 4 Aug 2001, Bob K wrote:
N's versus X's on a server with a block of 5 IP's as of August 1, 4AM EDT:
4:53:42pm|melange@host:/home/melange> grep default.ida /var/log/httpd-access.log | grep NNNNN|wc -l
436
4:53:48pm|melange@host:/home/melange> grep default.ida /var/log/httpd-access.log | grep XXXXX | wc -l
6
Checking back the first XXXX one I saw was about 9 hours ago, since then the number of XXXX and NNNN accesses has been about even. Actually checking other logs I would say XXX accesses are the majority (over 80%) in the last 4 or 5 hours. I would guess a better version, perhaps it deletes the old Code Red copy when it infects a machine which enables it to grow so fast. -- Simon Lyall. | Newsmaster | Work: simon.lyall () ihug co nz Senior Network/System Admin | Postmaster | Home: simon () darkmere gen nz ihug, Auckland, NZ | Asst Doorman | Web: http://www.darkmere.gen.nz
Current thread:
- Re: Code Red Hammering Away, (continued)
- Re: Code Red Hammering Away Gregory (Grisha) Trubetskoy (Aug 04)
- Re: Code Red Hammering Away michael (Aug 04)
- Re: Code Red Hammering Away Bob K (Aug 04)
- Re: Code Red Hammering Away michael (Aug 04)
- Re: Code Red Hammering Away Av (Aug 04)
- Re: Code Red Hammering Away Bob K (Aug 04)
- Re: Code Red Hammering Away Sameh Ghane (Aug 04)
- Re: Code Red Hammering Away Advanced Hosting UNIX Admin Daniel Fairchild (Aug 04)
- Re: Code Red Hammering Away michael (Aug 04)
- Re: Code Red Hammering Away William Allen Simpson (Aug 04)
- Re: Code Red Hammering Away michael (Aug 04)
- Re: Code Red Hammering Away Gregory (Grisha) Trubetskoy (Aug 04)
- Re: Code Red Hammering Away Simon Lyall (Aug 04)