RE: Worm probes

For the past 2 weeks or so, we were averaging 1,200 probes per hour.

As of 8 or so this morning, we started averaging > 25,000 per hour!

I've noticed that at the same time, we started getting probes from our
provider's space (uniquely 23 addresses there), but not our own. Until this
morning, we had *0* probes from inside our provider's space.

Maybe this is the next round kicking off, looking for things to infect
locally before searching the world again.

Rick

P.S. - Right now: (looks like it will be a bit over 25k this hour :)

[root /usr/local/bin]# checkcodered.bash
Code Red Log Checker
Beginning Time:
10:00:00
Ending Time:
10:32:42
Number of attacks...
   31730
Number of unique addresses...
    3344

Similar here, most probes so far are coming from Speakeasy DSL IPs to
my Speakeasy DSL servers. Haven't checked the others yet. So far
about 20k probes.

I think it scans your local /16

  I've seen other scans from the /16 that my machines reside in.

  - Jared
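
Added example, not part of the thread and not the checkcodered.bash script run above (its source is not shown): one way to get the same two counts from a web access log and also see how many probing sources sit in the server's own /16, which is the locality pattern the replies describe. It assumes Apache common log format and the worm's request for /default.ida? followed by a run of N or X characters; the function name, its arguments and the sample log are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: summarise Code Red style probes in a web access log.
# Assumptions (not from the thread): Apache common log format, and a
# probe request path of /default.ida? followed by a run of N or X.

# codered_summary LOG PREFIX16 START END
#   LOG       access log path, or - for stdin
#   PREFIX16  first two octets of the server's own /16, e.g. 198.51
#   START/END inclusive HH:MM:SS window on the log's time field
# Prints: attacks unique_sources unique_sources_in_local_16
codered_summary() {
    awk -v pfx="$2." -v start="$3" -v end="$4" '
        # Field 7 is the request path in common log format.
        $7 ~ /^\/default\.ida\?[NX]+/ {
            # Field 4 looks like [01/Aug/2001:10:05:12 ; keep HH:MM:SS.
            t = substr($4, length($4) - 7)
            if (t < start || t > end) next
            attacks++
            if (!($1 in seen)) {
                seen[$1] = 1
                uniq++
                # Same /16 as the server: address starts with "a.b."
                if (index($1, pfx) == 1) localuniq++
            }
        }
        END { printf "%d %d %d\n", attacks, uniq, localuniq }
    ' "$1"
}

# Constructed sample log (documentation address ranges, not real data).
sample_log() {
    cat <<'EOF'
198.51.7.20 - - [01/Aug/2001:10:01:02 -0400] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 -
198.51.7.20 - - [01/Aug/2001:10:01:09 -0400] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 -
198.51.200.3 - - [01/Aug/2001:10:04:30 -0400] "GET /default.ida?XXXXXXXXXXXX HTTP/1.0" 404 -
203.0.113.5 - - [01/Aug/2001:10:10:11 -0400] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 -
192.0.2.77 - - [01/Aug/2001:10:15:00 -0400] "GET /index.html HTTP/1.0" 200 512
192.0.2.77 - - [01/Aug/2001:09:59:58 -0400] "GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 -
EOF
}

# Server assumed to live in 198.51.0.0/16; window as in the post above.
sample_log | codered_summary - 198.51 10:00:00 10:32:42
```

A jump in the third number while the first two stay flat is the "probes from our provider's space" signal in isolation.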