[59380] in North American Network Operators' Group


Live attackers or blind worms? (was Re: Country of Origin for

daemon@ATHENA.MIT.EDU (Bill Zeng)
Thu Jun 26 23:04:52 2003

Date: Thu, 26 Jun 2003 23:03:58 -0400 (EDT)
From: Bill Zeng <bill@hotunix.com>
To: nanog@merit.edu
In-Reply-To: <sefb6aa1.051@imail.mbs.gov.on.ca>
Errors-To: owner-nanog-outgoing@merit.edu


Since the birth of CodeRed II and Nimda in Fall 2001, web/IDS logs have
constantly been filled with a steady influx of IIS-based attacks.

I remember a site was set up for people to report IPs of attacking boxes
infected with such worms.  Having seen such log entries piling up fast and
nonstop for the past 22 months, I often wondered whether they could serve as
a good cover for directed, covert attacks by real persons/groups.

This posting might not be a qualified topic for this list - my apologies.

Bill


