On Mon, 16 Nov 1998, Richard Irving wrote:
This appears to be a concerted effort. This type of attack is propogating to new origin IP's by the hour. There seems to be a pattern forming....
Has anyone considered that this might be a worm? The attacked hosts have all exhibited the same characteristics: stock Red Hat 5.1 install, running (probably) the stock named that came with it, which is a known vulnerable bind release. There are a -lot- of these boxen out there. Plus, the mechanical attacks on particular ports. This sounds fairly automated to me...but hey, what do I know? ;-) -- Edward S. Marshall <emarshal@logic.net> /> Who would have thought that we -o) http://www.logic.net/~emarshal/ // would be freed from the Gates of /\\ Linux Weenie, Open-Source Advocate </ hell by a penguin named "Tux"? _\_v