North American Network Operators Group

Re: some of these are worse than others
Which signature database you use to match these or just log the 404's?

Pete

----- Original Message -----
From: "Paul Vixie" <[email protected]>
To: <[email protected]>
Sent: Monday, November 18, 2002 11:31 PM
Subject: some of these are worse than others

>
> in the last few months since i most recently cleared out the database,
> my test network (a defunct /16) has received 3.8M http transactions
> containing 460K distinct worm bodies sent from 137K source addresses.
>
> the top 8, by quantity, are:
>
>      srcaddr     | count  |        first        |        last
> -----------------+--------+---------------------+---------------------
>  61.137.107.137  | 300772 | 2002-11-05 13:29:26 | 2002-11-14 03:19:42
>  210.82.7.205    |  72755 | 2002-11-13 14:12:00 | 2002-11-14 11:23:07
>  210.12.30.12    |  32450 | 2002-11-01 08:34:09 | 2002-11-01 09:04:10
>  24.193.82.174   |  31996 | 2002-10-30 11:56:58 | 2002-10-30 13:07:11
>  131.204.108.181 |  22524 | 2002-11-18 17:33:04 | 2002-11-18 18:05:13
>  24.76.78.204    |  22305 | 2002-10-30 12:13:39 | 2002-10-30 13:26:52
>  80.11.57.19     |  11379 | 2002-11-01 09:34:01 | 2002-11-01 10:49:20
>  63.142.226.235  |  10178 | 2002-11-08 12:51:44 | 2002-11-08 13:42:06
>
> if you see one of your own up there, please put your hands on some
> lineman's shears and Do The Right Thing.
>