Are the requests coming in on port 443? This might be a probe or attempt at exploiting the OpenSSL worm that's supposed to be running around. There's been some discussion on bugtraq, and there's a mirrored archive at http://msgs.securepoint.com/cgi-bin/get/bugtraq0209/104.html Someone may have written an exploit to probe using code for all architectures indiscriminately. Unfortunately, www.securityfocus.com seems to be "undergoing scheduled maintenance" and with this wonky DNS update going on, I'm not even sure I'm hitting the right server. Oh well. -dvd On Sat, 2002-09-14 at 10:22, Arie Vayner wrote:
Hi
Has anyone noticed any strange internet activity in the past few hours? I have noticed lot's of client host generating a massive number of HTTP GET requests to WEB servers (like a single host sending a flood of more than 50 requests)
The clients seem to be windows boxs...
Arie