[21691] in bugtraq
RE: 'Code Red' does not seem to be scanning for IIS
daemon@ATHENA.MIT.EDU (Emre Yildirim)
Thu Jul 19 21:30:28 2001
Message-ID: <1274.138.26.156.240.995587211.squirrel@www.vsrc.uab.edu>
Date: Thu, 19 Jul 2001 19:00:11 -0500 (CDT)
From: "Emre Yildirim" <emre@vsrc.uab.edu>
To: <bugtraq@securityfocus.com>
In-Reply-To: <EIEOJCKGEPCLJHGCNNOPKEBLEBAA.marc@eeye.com>
Cc: <marc@eeye.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
> the worm just tries port 80 on ip's. doesnt care if its IIS or not.
This is weird. I just checked the www logs of one of our webservers, and
found about 144 hits in a 5 hours time span. There seems to be no pattern
either; the IPs are all random (although there were a lot of .cn and .tw
as wellas DSL hosts). One thing I've noticed is that the hits only appear at
certaintimes. I.e. from 15:25 to 15:31 we got about 27 hits, and there are some
other noticable times like 16:50 to 17:15. Maybe it's just a coincidence.
--
emre@unix.us.eu.org
(PS: Perhaps this should be posted to incidents@)
