Have you seen the newest wrinkle in the code red worm?
http://www.cert.org/incident_notes/IN-2001-10.html
Things here in Baltimore on @HOME are still fairly active with the worm.
Things peaked around Aug 8 with almost 80 hits per hour (all hits counted,
not unique ip's.)
Things now are down to about 20-30 hits per hour.
Has anybody done a study to see just who is running these compromised
servers?
I have had in the last month 8056 hits with the XXX worm, but these come from
only 1659 unique ip's. And, 4630 of those hits come from my "neighborhood",
24.182.xx.xx. One fellow has hit my machine 277 times. His web page is still
showing the too many user error and he is in Michigan. This guy has been
banging away since Aug 5 and continues up to this day!
497 hits have come from the NNN worm. This worm was much more orderly, with
each unique ip giving three hits each. Remarkably, not one IP comes from
my immediate neighborhood.
Things are slowing down a lot, as far as new infections around here. Here is
my XXX data for first hits by a unique ip (a new unique infection) since Aug 04.:
Hits Aug
106 04
197 05
206 06
212 07
171 08
163 09
122 10
101 11
84 12
71 13
64 14
73 15
64 16
27 17 (only part of a day)
So, things seem to be holding steady at about 60 new unique ip's per day
hitting my machine.
Joel
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc
->http://linux.nf/mailman/listinfo/linux-users
