North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Worm probes
On Tue, 18 Sep 2001, ravi pina wrote: > > On Tue, Sep 18, 2001 at 09:54:31AM -0400, [email protected] said at one point in time: > > > > > > Has anyone else been seeing a dramatic increase in /scripts/.. NT worm > > probes this morning? We're seeing about 8000/second, starting around 9:15 > > Eastern time, to and from a wide variety of addresses. > > affirmative. i just looked at my logs, and it looks like > each probe tries a bunch of things. i haven't seen much > on the lists, but i'm looking right now. > i'm pretty sure that the worm's attack phase starts on the 20th (which of course, depends upon a correctly set system clock) and also that attempting to execute something like /scripts/root.ext/c++ something is involved. i think that cert's website would be a good place to look. i'm *not* a security/virus chick, but i did host a talk by marty linder of cert where he discected code red's activity and presented a summary. cert is of course, http://www.cert.org. deeann m.m. mikula director of operations telerama public access internet http://www.telerama.com 1.877.688.3200
|