North American Network Operators Group


Code Red Scans

  • From: Joe Blanchard
  • Date: Wed Aug 01 16:07:02 2001


Still seeing tons of traffic scanning for port 80s. Already sent off 4 emails to various .edus that appear to be infected (several nodes) and one to Microsoft as well. In a brief listing of nodes my count is greater than 64k of unique IP addys so far.

Hmm, pretty bad when MS themselves look to be infected. Or maybe they're "testing" something, or someone is spoofing?


Aug  1 12:37:36: %PIX-3-106010: Deny inbound tcp src outside:131.107.112.124/3383 dst inside:xxx.xxx.xxx.xxx/80
Aug  1 12:37:40: %PIX-3-106010: Deny inbound tcp src outside:131.107.112.124/3383 dst inside:xxx.xxx.xxx.xxx/80
Aug  1 12:40:04: %PIX-3-106010: Deny inbound tcp src outside:131.107.190.124/41854 dst inside:xxx.xxx.xxx.xxx/80
Aug  1 12:40:08: %PIX-3-106010: Deny inbound tcp src outside:131.107.190.124/41854 dst inside:xxx.xxx.xxx.xxx/80
Aug  1 12:40:39: %PIX-3-106010: Deny inbound tcp src outside:131.107.86.103/4167 dst inside:xxx.xxx.xxx.xxx/80
Aug  1 12:41:52: %PIX-3-106010: Deny inbound tcp src outside:131.107.112.124/4367 dst inside:xxx.xxx.xxx.xxx/80
Aug  1 12:42:00: %PIX-3-106010: Deny inbound tcp src outside:131.107.112.124/4367 dst inside:xxx.xxx.xxx.xxx/80
Aug  1 12:43:02: %PIX-3-106010: Deny inbound tcp src outside:131.107.90.67/3667 dst inside:xxx.xxx.xxx.xxx/80



    Microsoft Corporation (NET-MICROSOFT)
       One Redmond Way
       Redmond, WA 98052
       US

       Netname: MICROSOFT
       Netblock: 131.107.0.0 - 131.107.255.255

       Coordinator:
          Microsoft (ZM39-ARIN) [email protected]




-Joe
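
Added example, not part of the original post: a small Python parser for the %PIX-3-106010 deny lines quoted above that counts port-80 attempts and unique source addresses and lists the sources inside a given netblock. It assumes that repeated lines with the same source address, source port and destination are retransmitted SYNs of one attempt; the function name and the last two sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# The first eight lines are those quoted in the post; the last two are constructed.
SAMPLE = """\
Aug  1 12:37:36: %PIX-3-106010: Deny inbound tcp src outside:131.107.112.124/3383 dst inside:xxx.xxx.xxx.xxx/80
Aug  1 12:37:40: %PIX-3-106010: Deny inbound tcp src outside:131.107.112.124/3383 dst inside:xxx.xxx.xxx.xxx/80
Aug  1 12:40:04: %PIX-3-106010: Deny inbound tcp src outside:131.107.190.124/41854 dst inside:xxx.xxx.xxx.xxx/80
Aug  1 12:40:08: %PIX-3-106010: Deny inbound tcp src outside:131.107.190.124/41854 dst inside:xxx.xxx.xxx.xxx/80
Aug  1 12:40:39: %PIX-3-106010: Deny inbound tcp src outside:131.107.86.103/4167 dst inside:xxx.xxx.xxx.xxx/80
Aug  1 12:41:52: %PIX-3-106010: Deny inbound tcp src outside:131.107.112.124/4367 dst inside:xxx.xxx.xxx.xxx/80
Aug  1 12:42:00: %PIX-3-106010: Deny inbound tcp src outside:131.107.112.124/4367 dst inside:xxx.xxx.xxx.xxx/80
Aug  1 12:43:02: %PIX-3-106010: Deny inbound tcp src outside:131.107.90.67/3667 dst inside:xxx.xxx.xxx.xxx/80
Aug  1 12:44:10: %PIX-3-106010: Deny inbound tcp src outside:198.51.100.9/1040 dst inside:xxx.xxx.xxx.xxx/80
Aug  1 12:44:15: %PIX-3-106010: Deny inbound tcp src outside:192.0.2.7/2201 dst inside:xxx.xxx.xxx.xxx/25
"""

# Matches the deny message; the destination may be redacted, so it is not parsed as an IP.
DENY = re.compile(
    r"%PIX-3-106010: Deny inbound tcp src \w+:(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst \w+:(?P<dst>[^/\s]+)/(?P<dport>\d+)")


def summarize(log_text, dport=80, netblock="131.107.0.0/16"):
    """Count denied attempts to dport, unique sources, and sources within netblock."""
    net = ipaddress.ip_network(netblock)
    flows = Counter()  # (src, sport, dst) -> number of log lines for that attempt
    for line in log_text.splitlines():
        m = DENY.search(line)
        if m and int(m["dport"]) == dport:
            flows[(m["src"], m["sport"], m["dst"])] += 1
    sources = {src for src, _, _ in flows}
    in_block = sorted((s for s in sources if ipaddress.ip_address(s) in net),
                      key=ipaddress.ip_address)
    return {"log_lines": sum(flows.values()),  # matching lines, retransmits included
            "attempts": len(flows),            # retransmits collapsed
            "unique_sources": len(sources),
            "in_netblock": in_block}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

On the eight lines from the post alone, the same logic gives five attempts from four distinct addresses, all inside the 131.107.0.0 - 131.107.255.255 netblock listed above.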