[39737] in North American Network Operators' Group
Re: Code Red on dial-in ppp
daemon@ATHENA.MIT.EDU (Keith Woodworth)
Sat Jul 21 14:45:13 2001
Date: Sat, 21 Jul 2001 11:44:49 -0700 (PDT)
From: Keith Woodworth <kwoody@citytel.net>
To: Chris Adams <cmadams@hiwaay.net>
Cc: nanog@merit.edu
In-Reply-To: <20010721130906.A15304@HiWAAY.net>
Message-ID: <Pine.BSI.4.05L.10107211112250.17995-100000@gumby.citytel.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 21 Jul 2001, Chris Adams wrote:
|+Interesting to note that the one host from our IP space that hit one of
|+our servers was NOT in the report I received. We had over 21,000 hosts
|+try this on our (Unix/Apache) web servers. Is someone collecting logs
|+to generate reports?
Weird but Ive been scanning our Apache logs and have yet to see any
attempts for this yet.
Snort has reported 414 alerts w/ regards to Code Red in about a 12 hour
period, but none of the destinations are where are web server sits, just
all in our DSL range.
Keith
