[40920] in North American Network Operators' Group
RE: CR2 question
daemon@ATHENA.MIT.EDU (Smith, Rick)
Sat Aug 25 21:55:09 2001
Message-ID: <88786160BFD1D211B10800A0C9EC744EE1AF0C@CORP>
From: "Smith, Rick" <rsmith@atsworld.com>
To: 'Todd Suiter ' <todd@s4r.com>,
"'nanog@merit.edu '" <nanog@merit.edu>
Date: Sat, 25 Aug 2001 21:58:22 -0400
I'm actually seeing several thousand port 80 scans per hour!
Code Red Log Checker
Beginning Time... 20:00:01
Ending Time: 21:00:00
Number of attacks... 3137
Number of unique addresses... 287
-----Original Message-----
From: Todd Suiter
To: nanog@merit.edu
Sent: 8/25/01 4:34 PM
Subject: CR2 question
Folks,
It's been almost a month, and my IDS is still picking up several hundred CodeRed 2 attacks a day. Is anyone else seeing this same level of continued activity of this worm? I personally am somewhat at a loss as to how to contact people who are affected, as automated broadcasts to people, in my opinion, are NOT the way to go. BUT, going through several hundred IPs a day, and trying to find someone at those organizations to speak to, is A LOT of work. Any ideas?
Thanks!
todd