[43453] in North American Network Operators' Group
RE: IDS Activity
daemon@ATHENA.MIT.EDU (Eric Germann)
Fri Oct 12 07:10:16 2001
Reply-To: <ekgermann@cctec.com>
From: "Eric Germann" <ekgermann@cctec.com>
To: <chris@bblabs.com>, <nanog@merit.edu>
Date: Fri, 12 Oct 2001 07:07:27 -0400
Message-ID: <NDBBJJPLIGJGLBKILFIHGEGFEDAA.ekgermann@cctec.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0074_01C152EC.8D3C8E00"
In-Reply-To: <200110112225.AA95617264@mail.turbonet.net>
Errors-To: owner-nanog-outgoing@merit.edu
This is a multi-part message in MIME format.
------=_NextPart_000_0074_01C152EC.8D3C8E00
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
The pattern looks like the usual Nimda/CodeRedI/CodeRedII stuff. The
frequency of scans is upticking though. Whether its planned or is a social
effect of possibly more machines on due to news, therefore more hosts for
the scanners, is unknown. Just keeping an eye on things.
Eric
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
> Christopher Wolff
> Sent: Friday, October 12, 2001 1:26 AM
> To: nanog@merit.edu
> Subject: Re: IDS Activity
>
>
>
> I haven't seen the IDS trips; however there has been an anomalous
> pattern of traffic on our border routers since 1400 MST.
>
> Please let me and the group know what you're seeing.
>
> ---------- Original Message ----------------------------------
> From: "Eric Germann" <ekgermann@cctec.com>
> Reply-To: <ekgermann@cctec.com>
> Date: Fri, 12 Oct 2001 01:03:43 -0400
>
> >Anyone seeing a ramp up in IDS trips? We've seen an 8-10 fold
> increase in
> >the last two hours.
> >
> >
> >=================================================================
> =========
> > Eric Germann CCTec
> > ekgermann@cctec.com Van Wert OH 45801
> > http://www.cctec.com Ph: 419 968 2640
> > Fax: 603 825 5893
> >
> >"It is so easy to miss pretty trivial solutions to problems deemed
> >complicated. The goal of a scientist is to find an interesting problem,
> >and live off it for a while. The goal of an engineer is to evade
> >interesting problems :)" -- Vadim Antonov <avg@kotovnik.com> on NANOG
> >
> >
> >
> >
> >
>
------=_NextPart_000_0074_01C152EC.8D3C8E00
Content-Type: text/x-vcard;
name="Eric Germann.vcf"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="Eric Germann.vcf"
BEGIN:VCARD
VERSION:2.1
N:Germann;Eric
FN:Eric Germann
ORG:CCTec
TEL;WORK;VOICE:(419) 968-2640
TEL;WORK;FAX:(603) 825-5893
ADR;WORK:;;17780 Middle Point Road;Van Wert;OH;45891;United States of =
America
LABEL;WORK;ENCODING=3DQUOTED-PRINTABLE:17780 Middle Point =
Road=3D0D=3D0AVan Wert, OH 45891=3D0D=3D0AUnited States of Americ=3D
a
URL:
URL:http://www.cctec.com
EMAIL;PREF;INTERNET:ekgermann@cctec.com
REV:20010529T013421Z
END:VCARD
------=_NextPart_000_0074_01C152EC.8D3C8E00--
