[Dshield] Code Red Host Scans (and more) (and stats)
patrick at pine.nl
Sat Aug 4 20:19:11 GMT 2001
> I've spotted probes from all over: France, parts of Asia, Taiwan,
> Japan, and an *awful* lot of probes from speakeasy.net (my provider,
> so I'm talking to them about it.) I'm getting probes for this "new"
> version from networks that never tried to connect via the "old"
> Today may get ugly, folks. It may get *really* ugly.
> Beginning about five hours ago, I've detected 97 probes of the "new" variety:
I've added the second strain to my stats, and at
16:00 GMT+2 I saw a HUGE increase in scans.
Numbers jumped from 800/h to 1400/h
Stats at http://www.security.nl/misc/codered-stats/
Tomorrow I will add maps showing geographical dispersion
of code red. An example is at
The data I used is captured from our /19 using urlsnarf.
Patrick Oonk - PO1-6BONE - E: patrick at pine.nl - www.pine.nl/~patrick
Pine Internet - PAT31337-RIPE - Hushmail: p.oonk at my.security.nl
T: +31-70-3111010 - F: +31-70-3111011 - http://security.nl
PGPID 155C3934 fp DD29 1787 8F49 51B8 4FDF 2F64 A65C 42AE 155C 3934
Excuse of the day: your keyboard's space bar is generating
More information about the list