Code-Red Detection

• Data collected from a /8 network at UCSD and two /16 networks at Lawrence Berkeley Laboratories (LBL)

• 1/256th of total address space monitored

• Machines sending TCP SYN packets to port 80 of nonexistent hosts considered infected

• Data spans 24-hour period from midnight UTC July 19th - midnight UTC July 20th

Previous slide

Next slide

Back to first slide

View graphic version