North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Code Red growth stats
At 12:44 PM 8/1/2001, k claffy wrote: I hadn't seen this behavior before... every 5 minutes, starting at 12:57PM EDT, a host at e0.filt2.knox.tn.ena.net is performing the probe...no per AS stats for this outbreak yet, also under construction. 12:57:01 -0400 13:01:56 -0400 13:06:53 -0400 13:11:50 -0400 13:16:47 -0400 and now it's stopped. In every previous case, a host has hit the machine I'm looking at one time and then never been heard from again. The possibility exists that this is a firewall of some sort, and multiple machines behind it are probing.... Or possibly multiple instances of CodeRed are running on this machine... These two possibilities seem most likely... but it does bring this interesting thought to mind... has a variant been introduced that tries for half an hour to probe the same host?
|