|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Karl A. Krueger (kkrueger_at_outbox.whoi.edu)
Date: Sun Jan 26 2003 - 19:07:38 CST
On Sun, Jan 26, 2003 at 04:48:30PM -0500, Mike Tancsa wrote:
> At 01:50 PM 26/01/2003 -0500, Karl A. Krueger wrote:
> >Pardon my delurk, but this is very strange worm behavior. We are seeing
> >100 SQL Worms per second from a single IP address on Telstra. This is
>
> Perhaps a series of servers behind natted behind a single IP ?
I thought of that, but the machine has "dhcp" in its DNS hostname, which
made me think "client system":
203.50.0.215 == rsdhcp21.telstra.net
Thankfully, it seems that either my post here or my messages to Telstra
(the ones that didn't bounce) got through to someone ... or else they
just finally woke up and took their worm box down -- at least, it isn't
phl00ding us any more.
-- Karl A. Krueger <kkruegerwhoi.edu> Network Security -- Linux/Unix Systems Support -- Etc. Woods Hole Oceanographic Institution
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]