Attempts to connect to port 80

Tim Wunder tim
Mon May 17 11:35:08 PDT 2004 

On 7/19/2002 9:04 AM, someone claiming to be dep wrote:
> begin  Joel Hammer's  quote:
> | I do not know how they look. I am blocking all port 80 activity at
> | this time on my firewall.
> 
> betcha it's code red. but you *have* patched your apache anyway, 
> right?

Both Code Red and Nimda have been hitting my webserver recently. Mostly Nimda. I found a neat little script that pulls out the IPs of the sources of the requests:
http://cert.uni-stuttgart.de/archive/loganalysis/2001/09/msg00083.html

These are NIMDA sources, gleaned from my access.log:
204.228.153.113       [14/Jul/2002:21:53:50 -0400]
24.147.13.8       [17/Jul/2002:10:27:48 -0400]
62.108.7.2       [14/Jul/2002:22:54:49 -0400]
64.61.16.126       [18/Jul/2002:21:24:41 -0400]
68.100.163.51       [16/Jul/2002:20:29:58 -0400]
68.11.240.117       [17/Jul/2002:05:42:43 -0400]
68.15.145.228       [17/Jul/2002:09:42:57 -0400]
68.32.54.212       [16/Jul/2002:12:05:27 -0400]
68.33.76.236       [15/Jul/2002:00:33:18 -0400]
68.34.209.208       [15/Jul/2002:20:08:43 -0400]
68.34.220.114       [19/Jul/2002:04:19:32 -0400]
68.34.37.105       [19/Jul/2002:01:02:44 -0400]
68.34.46.59       [18/Jul/2002:15:53:21 -0400]
68.34.80.235       [18/Jul/2002:22:19:15 -0400]
68.38.140.153       [15/Jul/2002:05:28:40 -0400]
68.38.143.106       [15/Jul/2002:21:18:51 -0400]
68.40.156.168       [14/Jul/2002:17:50:43 -0400]
68.47.78.234       [17/Jul/2002:08:13:25 -0400]
68.48.110.88       [14/Jul/2002:10:56:58 -0400]
68.51.114.167       [18/Jul/2002:03:42:35 -0400]
68.52.82.120       [18/Jul/2002:09:26:07 -0400]
68.53.133.82       [17/Jul/2002:00:55:16 -0400]
68.53.20.109       [15/Jul/2002:06:54:34 -0400]
68.54.87.130       [19/Jul/2002:04:40:00 -0400]
68.55.246.233       [19/Jul/2002:05:20:49 -0400]
68.67.185.16       [15/Jul/2002:06:06:21 -0400]
80.16.34.253       [18/Jul/2002:18:22:15 -0400]

These are CodeRed sources:
148.223.49.242       [16/Jul/2002:15:49:39 -0400]
193.172.61.169       [19/Jul/2002:07:12:23 -0400]
203.190.34.130       [17/Jul/2002:18:33:05 -0400]
203.40.202.119       [15/Jul/2002:14:25:53 -0400]
204.19.199.28       [15/Jul/2002:13:52:27 -0400]
206.126.8.102       [17/Jul/2002:15:41:52 -0400]
211.168.9.133       [18/Jul/2002:09:20:17 -0400]
217.97.96.101       [14/Jul/2002:06:19:50 -0400]
61.184.232.231       [18/Jul/2002:00:12:05 -0400]
61.53.89.28       [15/Jul/2002:21:30:34 -0400]
62.178.164.133       [17/Jul/2002:08:40:45 -0400]
68.42.137.70       [14/Jul/2002:07:52:10 -0400]
80.133.145.86       [15/Jul/2002:02:29:35 -0400]

Regards, 
Tim

More information about the Linux-users mailing list