North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Code Red growth stats

  • From: Dave Stewart
  • Date: Wed Aug 01 13:35:52 2001

At 12:44 PM 8/1/2001, k claffy wrote:
no per AS stats for this outbreak yet,
also under construction.
I hadn't seen this behavior before... every 5 minutes, starting at 12:57PM EDT, a host at is performing the probe...

12:57:01 -0400
13:01:56 -0400
13:06:53 -0400
13:11:50 -0400
13:16:47 -0400

and now it's stopped.

In every previous case, a host has hit the machine I'm looking at one time and then never been heard from again.

The possibility exists that this is a firewall of some sort, and multiple machines behind it are probing....

Or possibly multiple instances of CodeRed are running on this machine...

These two possibilities seem most likely... but it does bring this interesting thought to mind... has a variant been introduced that tries for half an hour to probe the same host?