[ale] CodeRed attacks, here we go again.

greg at turnstep.com greg at turnstep.com
Tue Sep 18 18:03:52 EDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>Would you mind sharing that with us? I'm would like to 
>do the same on my box...

Directions are on the aforementioned URL.

> Doubt it...it appears to be multi-threaded. You'll just aid it in
> consuming your own resources.

Could be. At least it gives some pleasure to think that I 
*might* be typing up one or two of those threads. No more 
time for it tonight however. Hopefully some of the servers 
will get patched by tomorrow. Like cadvision.com, 
grumble, grumble.

Here's a current snapshot of my system's logs:

Total lines read: 23727
Localhost hits: 275
TYPE                    TOTAL   PERCENT  UNIQUE IPS
 Nimda                   13887  58.53     302
 Code Red 2.0             1623   6.84     623
 Nimda 3                  1483   6.25     291
 Nimda 2                  1472   6.20     291
 Nimda 4                  1443   6.08     288
 Nimda 5                  1410   5.94     287
 Nimda 1                  1403   5.91     275
 Nimda 6                  1376   5.80     282
 Nimda 6                  1351   5.69     277
 Nimda 7                  1334   5.62     276
 Nimda 8                  1319   5.56     275
 Nimda 9                  1296   5.46     272
 Nimda 10                 1277   5.38     268
 Nimda 11                 1262   5.32     267
 Nimda 12                 1246   5.25     264
 Nimda 13                 1229   5.18     263
 Nimda 14                 1213   5.11     263
 Nimda 15                 1200   5.06     261
 Code Red probe             85   0.36      29
 admin                      61   0.26      28
 Code Green                 12   0.05       2
 Code Red 2.1                7   0.03       3
 x                           6   0.03       1
 Broken Code Red 2.0         3   0.01       1
 Broken Code Red 2.2         2   0.01       1
 MSADC                       1   0.00       1
 Broken Code Red 2.1         1   0.00       1

IP addresses found: 207 Limiting to top 10
207.228.233.5    1426  aspenweb1.superb.net
207.228.85.171   1384  h-207-228-85-171.gen.cadvision.com
207.228.244.15   1372  clients.web-hosting.com
207.228.121.123  1221  mail.upsideeng.com
207.228.85.180   1000  h-207-228-85-180.gen.cadvision.com
207.228.54.66    800  ???
207.228.64.88    762  calnt4fp4.cadvision.com
207.228.217.98   713  ???
207.228.104.200  682  h-207-228-104-200.gen.cadvision.com
209.91.116.184   622  h-209-91-116-184.gen.cadvision.com



Greg Sabino Mullane
greg at turnstep.com PGP Key: 0x14964AC8 200109181800


-----BEGIN PGP SIGNATURE-----
Comment: http://www.turnstep.com/pgp.html

iQA/AwUBO6fEIbybkGcUlkrIEQL96gCgqfmqu8EP3ofRYsqDRti3WYXD3QwAn
1oA
kiYlSU6PySIOTZwMMDY+OyeH
=uKsQ
-----END PGP SIGNATURE-----

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list