[unisog] ida worm

Jeff Anderson-Lee jonah at dlp.CS.Berkeley.EDU
Thu Jul 19 20:14:53 GMT 2001


I'm also seeing an increase in port 80/tcp probes.  I've seen 14 probe
incidents since 08:21 PDT this morning on one of our hosts.  Whatever
this worm is, it seemsto be spreading fast.

Jeff Anderson-Lee
Systems Manager, Digital Library Project
ERL, University of California at Berkeley

Re:
 :From:  Russ Harvey <russ at cornucopia.ucr.edu>
 :To:  unisog at sans.org
 :cc:  systems at listproc.ucr.edu
 :Subject:  [unisog] ida worm
 :Date:  Thu, 19 Jul 2001 12:06:25 -0700 (PDT)
 :
 :
 :http://www.eeye.com/html/Research/Advisories/AD20010618.html
 :
 :We're getting hit with a ton of these, and the source IPs seem all over
 :the map:
 :
 :Thu Jul 19 08:33:06    HTTP request from 207.46.239.116: GET /default.ida?NN.
 :..
 :Thu Jul 19 08:53:17    HTTP request from 211.220.44.29: GET /default.ida?NN..
 :.
 :Thu Jul 19 09:26:38    HTTP request from 63.237.136.164: GET /default.ida?NN.
 :..
 :Thu Jul 19 09:33:14    HTTP request from 217.12.96.66: GET /default.ida?NN...
 :Thu Jul 19 10:00:43    HTTP request from 210.218.214.10: GET /default.ida?NN.
 :..
 :Thu Jul 19 10:05:05    HTTP request from 63.165.102.41: GET /default.ida?NN..
 :.
 :Thu Jul 19 10:40:26    HTTP request from 66.1.160.222: GET /default.ida?NN...
 :Thu Jul 19 10:51:14    HTTP request from 61.155.18.78: GET /default.ida?NN...
 :Thu Jul 19 10:51:53    HTTP request from 211.173.199.28: GET /default.ida?NN.
 :..
 :Thu Jul 19 11:01:18    HTTP request from 216.114.79.35: GET /default.ida?NN..
 :.
 :Thu Jul 19 11:01:57    HTTP request from 209.113.64.211: GET /default.ida?NN.
 :..
 :
 :Anyone else getting barraged?
 :
 :Thanks,
 :--russ
 :
 :-----------------------------------------------------------------------------
 :--
 :Russ Harvey                             Internet: russ-harvey at ucr.edu
 :Dept. of Computing and Communications       uucp: galaxy!russ
 :Univ. of Calif., Riverside, CA 92521-0142  phone: (909) 787-5617



More information about the unisog mailing list