[Gllug] Code Red (2001-02-08)

Richard Cohen richard at vmlinuz.org
Thu Aug 2 13:39:42 UTC 2001


On Thu, 2 Aug 2001, Gordon Joly wrote:

>
> Two attempts today (so far)
>
>
> 211.74.49.128 - - [02/Aug/2001:12:29:27 +0100]
> 61.37.119.67 - - [02/Aug/2001:13:19:45 +0100]
>
>
> [gordo]$ host 211.74.49.128
> 128.49.74.211.in-addr.arpa. domain name pointer tn49-128.dialup.seed.net.tw.
> [gordo]$ host 61.37.119.67
> Host 67.119.37.61.in-addr.arpa. not found: 3(NXDOMAIN)

This log starts at 0400 this morning:

[vmlinuz at ns httpd]$ grep ida access | cut -f 2-6 -d \
202.64.32.84 - - [02/Aug/2001:04:33:52 +0100]
www.systex.com.tw - - [02/Aug/2001:04:52:31 +0100]
dsl092-128-206.chi1.dsl.speakeasy.net - - [02/Aug/2001:05:04:43 +0100]
61-221-128-132.hinet-ip.hinet.net - - [02/Aug/2001:05:16:48 +0100]
211.42.173.74 - - [02/Aug/2001:05:25:05 +0100]
ip661.boanxx6.adsl.tele.dk - - [02/Aug/2001:05:27:19 +0100]
154.5.241.70 - - [02/Aug/2001:05:29:23 +0100]
211.171.88.25 - - [02/Aug/2001:06:23:08 +0100]
211.235.246.9 - - [02/Aug/2001:06:40:06 +0100]
sys-208.19.237.78.primary.net - - [02/Aug/2001:06:42:52 +0100]
210.109.54.19 - - [02/Aug/2001:06:46:42 +0100]
61.151.232.167 - - [02/Aug/2001:07:32:09 +0100]
199.164.171.70 - - [02/Aug/2001:07:49:19 +0100]
210.106.227.104 - - [02/Aug/2001:08:24:42 +0100]
211.227.252.184 - - [02/Aug/2001:09:30:55 +0100]
211.39.177.70 - - [02/Aug/2001:10:29:33 +0100]
chisq.korea.ac.kr - - [02/Aug/2001:10:38:31 +0100]
202.97.164.188 - - [02/Aug/2001:11:33:30 +0100]
137.204.211.84 - - [02/Aug/2001:11:36:57 +0100]
63.222.107.162 - - [02/Aug/2001:12:03:52 +0100]
211.216.136.72 - - [02/Aug/2001:12:12:01 +0100]
203.247.201.155 - - [02/Aug/2001:12:13:23 +0100]
24-108-99-235.ivideon.com - - [02/Aug/2001:12:21:32 +0100]
64.55.106.100 - - [02/Aug/2001:12:37:56 +0100]
211.107.15.240 - - [02/Aug/2001:12:38:36 +0100]
163.29.146.150 - - [02/Aug/2001:12:53:45 +0100]
211.167.65.225 - - [02/Aug/2001:13:01:25 +0100]
194.27.51.1 - - [02/Aug/2001:13:25:29 +0100]
210.151.38.180 - - [02/Aug/2001:13:26:17 +0100]
207.77.186.224 - - [02/Aug/2001:13:47:58 +0100]
alfred.clemson.edu - - [02/Aug/2001:13:55:54 +0100]
[vmlinuz at ns httpd]$ grep ida access | cut -f 2-6 -d \  | wc -l
     31

Yesterday's log:

[vmlinuz at ns httpd]$ zgrep ida access.1.gz | cut -f 2-6 -d \  | wc -l
     30

So I'm up to 61 attacks over 2 IP addresses at this point...

> Gordo

Cheers
Richard


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list