[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Code-Red stats.
On Sun, Aug 12, 2001, Cedar Cox wrote about "Code-Red stats.":
>
> At the risk of overly publicizing code-red, I present this:
>
> My current count of Code-Red infected IP addresses is 321. CR-II count is
> currently 10522. Doesn't seem to be slowing down. It amuses me that one
> of them is Microsoft's own MSN Israel server (192.117.172.214)...
Strange, just today I thought to myself that the deluge of port 80 probes
I'm seeing seems to be slowing down... Of course, my evidence is very
unscientific: it is important to realise that when I log on to a Netvision
dialup, most probes will (because of the way the random IP generator in
CD-II works) come from other Netvision dialup users, so the number of probes
depends on the number of such users online, which in turn depends on the
time-of-day, day-of-the-week, and whether there's a good movie on TV.
My port 80 probing statistics (I don't seperate Code Red I and II, or crackers
trying to check for the backdoor) is 173 different IPs (this is low because
I am not logged in more than around 2 hours a day on this computer).
Anyway, Why do you say that 192.117.172.214 is "MSN Israel"? I get
$ host 192.117.172.214
214.172.117.192.in-addr.arpa. domain name pointer Rsn-172-214.access.net.il.
$ whois 192.117.172.214@whois.ripe.net
...
inetnum: 192.117.128.0 - 192.117.191.255
netname: IL-EURONET-RG-990603
descr: Euronet Digital Communications
So this seems to be just another Internet Zahav dialup (the ISP with the
thousand names). I got probed by a neighbor of his: 192.117.101.180 (that
one is an Actcom IP (I don't know if it's a dialup).
--
Nadav Har'El | Sunday, Aug 12 2001, 24 Av 5761
nyh@math.technion.ac.il |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Corduroy pillows - they're making
http://nadav.harel.org.il |headlines!
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il