Dave Stewart wrote:
At 11:12 PM 7/19/2001, lucifer@lightbearer.com wrote:
Reports from our monitoring systems saw the CPU usage jump by somewhere between 150-200% for our core routers today; our current theory is that
Web servers that were hit beginning this morning at 11:26:41 EDT have not seen another attempt since 19:49:53.
I'm wondering if this because it was coming up on 00:00:00 GMT 20-July-2001.
According to the PC-Cillin write up, the 100-thread scan only takes place if the system date is less than 20, but if it's 20-28, it launches it's DOS attack at www1.whitehouse.gov
Does anybody really know yet what payloads this thing is carrying?
That would roughly correspond with the dropoff in CPU usage, here. Not proof, but... reasonably strong circumstantial. I guess we'll see for sure tomorrow, depending on how the traffic stats look. -- *************************************************************************** Joel Baker System Administrator - lightbearer.com lucifer@lightbearer.com http://www.lightbearer.com/~lucifer