Still seeing tons of traffic scanning for port 80s. Already sent off 4 emails to various .edu s that appear to be infected (several nodes) and one to Microsoft as well. In a brief listing of nodes my count is greater than 64k of unique IP addys so far. Hmm, Pretty bad when MS themselves look to be infected. Or maybe there "testing" something, or someone is spoofing?
Aug 1 12:37:36: %PIX-3-106010: Deny inbound tcp src outside:131.107.112.124/3383 dst inside:xxx.xxx.xxx.xxx/80 Aug 1 12:37:40: %PIX-3-106010: Deny inbound tcp src outside:131.107.112.124/3383 dst inside:xxx.xxx.xxx.xxx/80 Aug 1 12:40:04: %PIX-3-106010: Deny inbound tcp src outside:131.107.190.124/41854 dst inside:xxx.xxx.xxx.xxx/80 Aug 1 12:40:08: %PIX-3-106010: Deny inbound tcp src outside:131.107.190.124/41854 dst inside:xxx.xxx.xxx.xxx/80 Aug 1 12:40:39: %PIX-3-106010: Deny inbound tcp src outside:131.107.86.103/4167 dst inside:xxx.xxx.xxx.xxx/80 Aug 1 12:41:52: %PIX-3-106010: Deny inbound tcp src outside:131.107.112.124/4367 dst inside:xxx.xxx.xxx.xxx/80 Aug 1 12:42:00: %PIX-3-106010: Deny inbound tcp src outside:131.107.112.124/4367 dst inside:xxx.xxx.xxx.xxx/80 Aug 1 12:43:02: %PIX-3-106010: Deny inbound tcp src outside:131.107.90.67/3667 dst inside:xxx.xxx.xxx.xxx/80
Microsoft Corporation (NET-MICROSOFT) One Redmond Way Redmond, WA 98052 US Netname: MICROSOFT Netblock: 131.107.0.0 - 131.107.255.255 Coordinator: Microsoft (ZM39-ARIN) noc@microsoft.com -Joe