[Gllug] Code Blue

Ian Northeast ian at house-from-hell.demon.co.uk
Tue Sep 18 22:23:54 UTC 2001


will wrote:
> 
> ----- Original Message -----
> From: <tet at accucard.com>
> To: <gllug at linux.co.uk>
> Sent: Tuesday, September 18, 2001 4:52 PM
> Subject: Re: [Gllug] Code Blue
> 
> >
> > >We're being quite aggressively scanned at the moment,
> >
> > We've had 72 incidents since Sunday evening, each one consisting of
> > 13 separate exploits attempts...

I just checked our web server - 1660 hits today, 7 yesterday. They seem
to come predominantly from machines where the first 2 octets of the IP
address are shared, although a fair few come from ones with only the
first octet shared. I think this was a Code Red habit too.
Unfortunately, we seem to share our first two octets with something in
Russia which is pounding us.

1660 hits/day isn't going to cause us a problem. But it's up ~30x from
CRII at its most virulent, so it needs an eye keeping on it I think.

Regards, Ian

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list