[Dshield] port 80 "on the high side"

David Jobes djobes at xscanners.org
Tue Mar 25 17:49:46 GMT 2003


Yes

	currently my IDS and firewall logs are filling with the New CodeRed F type
at the rate of 100+ an hour.

--------------------------------------
David Jobes - CISSP
Web:       http://www.xscanners.org
yahooid:   davidjobes31770
aimid:     aggrogade
email:     djobes at xscanners.org

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
Behalf Of Witt, Allen
Sent: Tuesday, March 25, 2003 10:20 AM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] port 80 "on the high side"



The increase may be partly due to Code Red II. I'm still detecting attempts
on various web servers using the new variety with the xxxxx nop slide. Code
Reds go dormant after the 20'th of the month, but maybe something changed
besides the url..... Anyone else seeing this?

aw

-----Original Message-----
From: Johannes Ullrich [mailto:jullrich at euclidian.com]
Sent: Monday, March 24, 2003 5:15 PM
To: list at dshield.org
Subject: [Dshield] port 80 "on the high side"



Its a bit early to call it a problem, but port 80 scans, in particular
the number of sources, are a bit on the high site if you look at it
as percentage of total submissions:

http://www.dshield.org/port_report.php?port=80&percent=Y

Given that a WebDAV exploit was released today, please take a quick look
at your web logs if you see anything odd.


--
--------------------------------------------------------------------
jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list