[Gllug] Code Blue
Ian Northeast
ian at house-from-hell.demon.co.uk
Tue Sep 18 22:23:54 UTC 2001
will wrote:
>
> ----- Original Message -----
> From: <tet at accucard.com>
> To: <gllug at linux.co.uk>
> Sent: Tuesday, September 18, 2001 4:52 PM
> Subject: Re: [Gllug] Code Blue
>
> >
> > >We're being quite aggressively scanned at the moment,
> >
> > We've had 72 incidents since Sunday evening, each one consisting of
> > 13 separate exploits attempts...
I just checked our web server - 1660 hits today, 7 yesterday. They seem
to come predominantly from machines where the first 2 octets of the IP
address are shared, although a fair few come from ones with only the
first octet shared. I think this was a Code Red habit too.
Unfortunately, we seem to share our first two octets with something in
Russia which is pounding us.
1660 hits/day isn't going to cause us a problem. But it's up ~30x from
CRII at its most virulent, so it needs an eye keeping on it I think.
Regards, Ian
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list