
Re: Code-Red stats.



On Sun, Aug 12, 2001, Cedar Cox wrote about "Code-Red stats.":
> 
> At the risk of overly publicizing code-red, I present this:
> 
> My current count of Code-Red infected IP addresses is 321.  CR-II count is
> currently 10522.  Doesn't seem to be slowing down.  It amuses me that one
> of them is Microsoft's own MSN Israel server (192.117.172.214)...

Strange, just today I thought to myself that the deluge of port 80 probes
I'm seeing seems to be slowing down... Of course, my evidence is very
unscientific: it is important to realise that when I log on to a Netvision
dialup, most probes will (because of the way the random IP generator in
CR-II works) come from other Netvision dialup users, so the number of probes
depends on the number of such users online, which in turn depends on the
time-of-day, day-of-the-week, and whether there's a good movie on TV.

My port 80 probing statistics (I don't separate Code Red I and II, or crackers
trying to check for the backdoor) is 173 different IPs (this is low because
I am not logged in more than around 2 hours a day on this computer).

Anyway, why do you say that 192.117.172.214 is "MSN Israel"? I get

$ host 192.117.172.214
214.172.117.192.in-addr.arpa. domain name pointer Rsn-172-214.access.net.il.

$ whois 192.117.172.214@whois.ripe.net
...
inetnum:      192.117.128.0 - 192.117.191.255
netname:      IL-EURONET-RG-990603
descr:        Euronet Digital Communications

So this seems to be just another Internet Zahav dialup (the ISP with the
thousand names). I got probed by a neighbor of his: 192.117.101.180 (that
one is an Actcom IP; I don't know if it's a dialup).


-- 
Nadav Har'El                        |          Sunday, Aug 12 2001, 24 Av 5761
nyh@math.technion.ac.il             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Corduroy pillows - they're making
http://nadav.harel.org.il           |headlines!
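
An added example, not part of the original message: one way to turn the distinct-IP count and the "most probes come from neighbours" observation above into something measurable. The log format (iptables-LOG style), the sample lines and the use of shared /16 and /8 prefixes as a proxy for "nearby" are all assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in an iptables-LOG-like format (an assumption; the
# message does not say how its probes were logged). Addresses come from
# private and documentation ranges, not from real hosts.
SAMPLE_LOG = """\
Aug 12 20:01:11 box kernel: IN=ppp0 SRC=10.20.30.40 DST=10.20.7.9 PROTO=TCP SPT=3201 DPT=80
Aug 12 20:01:14 box kernel: IN=ppp0 SRC=10.20.30.40 DST=10.20.7.9 PROTO=TCP SPT=3202 DPT=80
Aug 12 20:03:52 box kernel: IN=ppp0 SRC=10.20.99.1 DST=10.20.7.9 PROTO=TCP SPT=1188 DPT=80
Aug 12 20:07:30 box kernel: IN=ppp0 SRC=10.77.1.2 DST=10.20.7.9 PROTO=TCP SPT=4410 DPT=80
Aug 12 20:09:05 box kernel: IN=ppp0 SRC=192.0.2.55 DST=10.20.7.9 PROTO=TCP SPT=2077 DPT=80
Aug 12 20:11:41 box kernel: IN=ppp0 SRC=10.20.5.5 DST=10.20.7.9 PROTO=TCP SPT=1500 DPT=22
Aug 13 21:15:02 box kernel: IN=ppp0 SRC=10.91.4.4 DST=10.20.8.1 PROTO=TCP SPT=3900 DPT=80
"""

# Only inbound TCP port 80 probes are of interest; DPT=8080 or SPT=80 must not match.
PROBE = re.compile(r"SRC=(\S+) DST=(\S+) .*\bDPT=80\b")

def proximity(src, dst):
    """Classify a source by the prefix it shares with the address it probed."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    if s in ipaddress.ip_network(f"{d}/16", strict=False):
        return "same /16"
    if s in ipaddress.ip_network(f"{d}/8", strict=False):
        return "same /8"
    return "elsewhere"

def tally(log_text):
    """Return (number of distinct sources, Counter of proximity classes)."""
    seen = {}
    for line in log_text.splitlines():
        m = PROBE.search(line)
        if not m:
            continue
        src, dst = m.groups()
        try:
            # A dialup address changes per session, so each source is compared
            # with the DST on its own line and counted once, on first sight.
            seen.setdefault(src, proximity(src, dst))
        except ipaddress.AddressValueError:
            continue  # malformed address field, skip the line
    return len(seen), Counter(seen.values())

if __name__ == "__main__":
    total, classes = tally(SAMPLE_LOG)
    print(total, dict(classes))
```

Since the count depends on who else is online, counts from different observers are comparable only when normalised by hours of observation.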
