[unisog] ida worm

Dave Ellingsberg dave.ellingsberg at csu.mnscu.edu
Thu Jul 19 20:14:25 GMT 2001


Router deny logs have gone up from 2mb to 5mb to todays current 77mb and
still growing.  Have had two boxes patched that still fell to the red
worm.

Seems we are at the top of the random numbers
Bigfoot

>>> Russ Harvey <russ at cornucopia.ucr.edu> 07/19 2:06 PM >>>

http://www.eeye.com/html/Research/Advisories/AD20010618.html 

We're getting hit with a ton of these, and the source IPs seem all
over
the map:

Thu Jul 19 08:33:06    HTTP request from 207.46.239.116: GET
/default.ida?NN...
Thu Jul 19 08:53:17    HTTP request from 211.220.44.29: GET
/default.ida?NN...
Thu Jul 19 09:26:38    HTTP request from 63.237.136.164: GET
/default.ida?NN...
Thu Jul 19 09:33:14    HTTP request from 217.12.96.66: GET
/default.ida?NN...
Thu Jul 19 10:00:43    HTTP request from 210.218.214.10: GET
/default.ida?NN...
Thu Jul 19 10:05:05    HTTP request from 63.165.102.41: GET
/default.ida?NN...
Thu Jul 19 10:40:26    HTTP request from 66.1.160.222: GET
/default.ida?NN...
Thu Jul 19 10:51:14    HTTP request from 61.155.18.78: GET
/default.ida?NN...
Thu Jul 19 10:51:53    HTTP request from 211.173.199.28: GET
/default.ida?NN...
Thu Jul 19 11:01:18    HTTP request from 216.114.79.35: GET
/default.ida?NN...
Thu Jul 19 11:01:57    HTTP request from 209.113.64.211: GET
/default.ida?NN...

Anyone else getting barraged?

Thanks,
--russ

-------------------------------------------------------------------------------
Russ Harvey                             Internet: russ-harvey at ucr.edu 
Dept. of Computing and Communications       uucp: galaxy!russ
Univ. of Calif., Riverside, CA 92521-0142  phone: (909) 787-5617



More information about the unisog mailing list