[53586] in North American Network Operators' Group
Re: some of these are worse than others
daemon@ATHENA.MIT.EDU (Petri Helenius)
Mon Nov 18 17:41:36 2002
From: "Petri Helenius" <pete@he.iki.fi>
To: "Paul Vixie" <paul@vix.com>, <nanog@merit.edu>
Date: Tue, 19 Nov 2002 00:41:02 +0200
Errors-To: owner-nanog-outgoing@merit.edu
Which signature database you use to match these or just log the 404's ?
Pete
----- Original Message -----
From: "Paul Vixie" <paul@vix.com>
To: <nanog@merit.edu>
Sent: Monday, November 18, 2002 11:31 PM
Subject: some of these are worse than others
>
> in the last few months since i most recently cleared out the database,
> my test network (a defunct /16) has received 3.8M http transactions
> containing 460K distinct worm bodies sent from 137K source addresses.
>
> the top 8, by quantity, are:
>
> srcaddr | count | first | last
> -----------------+--------+---------------------+---------------------
> 61.137.107.137 | 300772 | 2002-11-05 13:29:26 | 2002-11-14 03:19:42
> 210.82.7.205 | 72755 | 2002-11-13 14:12:00 | 2002-11-14 11:23:07
> 210.12.30.12 | 32450 | 2002-11-01 08:34:09 | 2002-11-01 09:04:10
> 24.193.82.174 | 31996 | 2002-10-30 11:56:58 | 2002-10-30 13:07:11
> 131.204.108.181 | 22524 | 2002-11-18 17:33:04 | 2002-11-18 18:05:13
> 24.76.78.204 | 22305 | 2002-10-30 12:13:39 | 2002-10-30 13:26:52
> 80.11.57.19 | 11379 | 2002-11-01 09:34:01 | 2002-11-01 10:49:20
> 63.142.226.235 | 10178 | 2002-11-08 12:51:44 | 2002-11-08 13:42:06
>
> if you see one of your own up there, please put your hands on some
> lineman's shears and Do The Right Thing.
>
