Could the ISP be infected with this worm? Maybe that's where all the activity could be coming from. Or, there are a number of users from a DHCP using the same method of attack on different IP's?
Just a thought.
Printable View
Could the ISP be infected with this worm? Maybe that's where all the activity could be coming from. Or, there are a number of users from a DHCP using the same method of attack on different IP's?
Just a thought.
read up on the worm, thats what it does. It scans for vulnerable computers within an ip range:
198.6.*.*. Those are all the ******* who don't know enough to patch their iis servers, that your seeing. there's a whole **** load of them. Although this worm is about 2 years old its still in the top 5 for this very reason. If it was a person doing this, imho, they would have telneted in, saw you were't running iis and continued on, the worm dosn't check.