North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Code Red Hammering Away

  • From: Etaoin Shrdlu
  • Date: Sat Aug 04 16:17:22 2001

Yes, it's true, I fixed the attribution. Young whippersnappers!

[email protected] wrote:
> On Sat, 4 Aug 2001, Lou Katz wrote:

> > My little Class C seems to be getting 3-6 attempts per second to
> > connect to Port 80 on various IPs at the present time. Is this
> > about average?

> Its more than what I am getting.  Never the less since this started again
> im seeing alot more attempts than in July.

I see about 300% more attempts than in July, but close to one-third of
those do not appear to be code red. They seem to be what I would have
suspected. People trying to mask attempts under the noise of code red.
Nonetheless, it is getting annoying enough that I am close to moving all
the windoze machines off to a private switched network until this is over.

No, I'm not afraid of them being compromised, but some of them do seem to
be getting hit harder than the rest of my computers. What I don't
understand is why my openbsd laptop attracts so much attention.

Uname -a shows OpenBSD scorpion 2.6 GENERIC#696 i386, hardly an attractive
target for code red in my book. No, it's not running a web server. The only
service it actually offers is sshd.

At first it was interesting, then annoying, now it's just boring. Most of
the non-code red attempts I see are from apnic, for what that's worth.

You've confused equality of opportunity for equality of outcomes,
and have seriously confused justice with equality.
                                -- Woodchuck