3+ hours into "Code Red" (BST)

Joe Blanchard jblanchard at wyse.com
Fri Jul 20 02:55:22 UTC 2001

Oddly, right around 5pm(PST) I noticed less and less traffic(scans at my
firewall) looking for tcp port 80. At the height of today 50% of our traffic
on one of our T1s was various foreign addresses looking for open http
servers. This is much more then usual and at first thought to be a spoof
attack, but the nodes being scanned were too random. Don't know, but most of
the ips we logged turned out to be MS IIS none patched boxes. Wonder if
these hits on valid http servers are counted as hits and charged to the
advertisers? lol.
Oh well.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20010719/7e695a08/attachment.html>

More information about the NANOG mailing list