in the last few months since i most recently cleared out the database,
my test network (a defunct /16) has received 3.8M http transactions
containing 460K distinct worm bodies sent from 137K source addresses.
the top 8, by quantity, are:
srcaddr | count |first|
Which signature database you use to match these or just log the 404's ?
Pete
- Original Message -
From: Paul Vixie [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, November 18, 2002 11:31 PM
Subject: some of these are worse than others
in the last few months since i most
PROTECTED]]On Behalf Of
Paul Vixie
Sent: Monday, November 18, 2002 4:31 PM
To: [EMAIL PROTECTED]
Subject: some of these are worse than others
in the last few months since i most recently cleared out the database,
my test network (a defunct /16) has received 3.8M http transactions
containing