North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Code Red Scans
- From: Joe Blanchard
- Date: Wed Aug 01 16:07:02 2001
Title: Code Red Scans
Still seeing tons of traffic scanning for port 80s. Already sent off 4 emails to various .edu s that appear to be infected (several nodes) and one to Microsoft as well. In a brief listing of nodes my count is greater than 64k of unique IP addys so far.
Hmm, Pretty bad when MS themselves look to be infected. Or maybe there "testing" something, or someone is spoofing?
Aug 1 12:37:36: %PIX-3-106010: Deny inbound tcp src outside:131.107.112.124/3383 dst inside:xxx.xxx.xxx.xxx/80
Aug 1 12:37:40: %PIX-3-106010: Deny inbound tcp src outside:131.107.112.124/3383 dst inside:xxx.xxx.xxx.xxx/80
Aug 1 12:40:04: %PIX-3-106010: Deny inbound tcp src outside:131.107.190.124/41854 dst inside:xxx.xxx.xxx.xxx/80
Aug 1 12:40:08: %PIX-3-106010: Deny inbound tcp src outside:131.107.190.124/41854 dst inside:xxx.xxx.xxx.xxx/80
Aug 1 12:40:39: %PIX-3-106010: Deny inbound tcp src outside:131.107.86.103/4167 dst inside:xxx.xxx.xxx.xxx/80
Aug 1 12:41:52: %PIX-3-106010: Deny inbound tcp src outside:131.107.112.124/4367 dst inside:xxx.xxx.xxx.xxx/80
Aug 1 12:42:00: %PIX-3-106010: Deny inbound tcp src outside:131.107.112.124/4367 dst inside:xxx.xxx.xxx.xxx/80
Aug 1 12:43:02: %PIX-3-106010: Deny inbound tcp src outside:131.107.90.67/3667 dst inside:xxx.xxx.xxx.xxx/80
Microsoft Corporation (NET-MICROSOFT)
One Redmond Way
Redmond, WA 98052
US
Netname: MICROSOFT
Netblock: 131.107.0.0 - 131.107.255.255
Coordinator:
Microsoft (ZM39-ARIN) [email protected]
-Joe
|