[52078] in North American Network Operators' Group
Re: Strange internet activity
daemon@ATHENA.MIT.EDU (David Van Duzer)
Sat Sep 14 16:22:37 2002
From: David Van Duzer <dvanduzer@infidels.org>
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0209141920000.18299-100000@staff.netvision.net.il>
Date: 14 Sep 2002 14:22:33 -0600
Errors-To: owner-nanog-outgoing@merit.edu

Are the requests coming in on port 443? This might be a probe or attempt
at exploiting the OpenSSL worm that's supposed to be running around.

There's been some discussion on bugtraq, and there's a mirrored archive
at http://msgs.securepoint.com/cgi-bin/get/bugtraq0209/104.html

Someone may have written an exploit to probe using code for all
architectures indiscriminately. Unfortunately, www.securityfocus.com
seems to be "undergoing scheduled maintenance" and with this wonky DNS
update going on, I'm not even sure I'm hitting the right server. Oh
well.

-dvd

On Sat, 2002-09-14 at 10:22, Arie Vayner wrote:
>
>
> Hi
>
> Has anyone noticed any strange internet activity in the past few hours?
> I have noticed lots of client hosts generating a massive number of HTTP
> GET requests to web servers (like a single host sending a flood of more
> than 50 requests)
>
> The clients seem to be Windows boxes...
>
> Arie
>