Code Red Scans

Joe Blanchard jblanchard at wyse.com
Wed Aug 1 20:03:03 UTC 2001


Still seeing tons of traffic scanning for port 80s. Already sent off 4
emails to various .edus that appear to be infected (several nodes) and one
to Microsoft as well. In a brief listing of nodes my count is greater than
64k of unique IP addys so far.

Hmm, pretty bad when MS themselves look to be infected. Or maybe they're
"testing" something, or someone is spoofing?


> Aug  1 12:37:36: %PIX-3-106010: Deny inbound tcp src
> outside:131.107.112.124/3383 dst inside:xxx.xxx.xxx.xxx/80 
> Aug  1 12:37:40: %PIX-3-106010: Deny inbound tcp src
> outside:131.107.112.124/3383 dst inside:xxx.xxx.xxx.xxx/80 
> Aug  1 12:40:04: %PIX-3-106010: Deny inbound tcp src
> outside:131.107.190.124/41854 dst inside:xxx.xxx.xxx.xxx/80 
> Aug  1 12:40:08: %PIX-3-106010: Deny inbound tcp src
> outside:131.107.190.124/41854 dst inside:xxx.xxx.xxx.xxx/80 
> Aug  1 12:40:39: %PIX-3-106010: Deny inbound tcp src
> outside:131.107.86.103/4167 dst inside:xxx.xxx.xxx.xxx/80 
> Aug  1 12:41:52: %PIX-3-106010: Deny inbound tcp src
> outside:131.107.112.124/4367 dst inside:xxx.xxx.xxx.xxx/80 
> Aug  1 12:42:00: %PIX-3-106010: Deny inbound tcp src
> outside:131.107.112.124/4367 dst inside:xxx.xxx.xxx.xxx/80 
> Aug  1 12:43:02: %PIX-3-106010: Deny inbound tcp src
> outside:131.107.90.67/3667 dst inside:xxx.xxx.xxx.xxx/80 
> 
> 
> 
	Microsoft Corporation (NET-MICROSOFT)
	   One Redmond Way
	   Redmond, WA 98052
	   US

	   Netname: MICROSOFT
	   Netblock: 131.107.0.0 - 131.107.255.255

	   Coordinator:
	      Microsoft  (ZM39-ARIN)  noc at microsoft.com




-Joe
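
Added example, not part of the original post: one way to turn PIX 106010 deny entries like those quoted above into a per-source count of port-80 attempts and to check the sources against a whois netblock. The function names are assumptions of this example; the sample input is an excerpt of the quoted log lines, and the address range is the one from the whois record in the post.

```python
import ipaddress
import re
from collections import Counter

# Sample input: five of the entries quoted in the post, kept in their
# mail-wrapped, ">"-quoted form.
SAMPLE = """\
> Aug  1 12:37:36: %PIX-3-106010: Deny inbound tcp src
> outside:131.107.112.124/3383 dst inside:xxx.xxx.xxx.xxx/80
> Aug  1 12:37:40: %PIX-3-106010: Deny inbound tcp src
> outside:131.107.112.124/3383 dst inside:xxx.xxx.xxx.xxx/80
> Aug  1 12:40:04: %PIX-3-106010: Deny inbound tcp src
> outside:131.107.190.124/41854 dst inside:xxx.xxx.xxx.xxx/80
> Aug  1 12:40:39: %PIX-3-106010: Deny inbound tcp src
> outside:131.107.86.103/4167 dst inside:xxx.xxx.xxx.xxx/80
> Aug  1 12:43:02: %PIX-3-106010: Deny inbound tcp src
> outside:131.107.90.67/3667 dst inside:xxx.xxx.xxx.xxx/80
"""

# \s+ after "src" absorbs the line wrap once the quote markers are stripped.
DENY = re.compile(
    r"%PIX-3-106010: Deny inbound tcp src\s+\w+:(?P<src>[\d.]+)/\d+"
    r"\s+dst\s+\w+:\S+/(?P<dport>\d+)"
)

def port80_sources(text):
    """Return a Counter of source IP -> denied attempts to TCP port 80."""
    unquoted = re.sub(r"(?m)^>[ \t]?", "", text)  # drop mail quote markers
    hits = Counter()
    for m in DENY.finditer(unquoted):
        if m.group("dport") == "80":
            hits[ipaddress.ip_address(m.group("src"))] += 1
    return hits

def sources_in_netblock(hits, first, last):
    """Sources that fall inside a whois-style 'first - last' netblock."""
    nets = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return sorted(ip for ip in hits if any(ip in n for n in nets))

if __name__ == "__main__":
    hits = port80_sources(SAMPLE)
    inside = sources_in_netblock(hits, "131.107.0.0", "131.107.255.255")
    print(f"{len(hits)} unique sources, {len(inside)} inside the netblock")
    for ip, n in hits.most_common():
        print(f"{ip}\t{n}")
```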