Wow! This is interesting!
Hi, on one of my servers, I cleared Apache's access log.
I returned after 24 hrs and the output I got surprised me:
grep cmd.exe access_log | awk '{print $1}' | sort | uniq | wc -l
and the result I get is:
2344 [and "33323" without uniq and sort]
-- Isn't this a bit high? Or is it an average figure?
Err.. for those who did not understand what the above command did, here is an explanation:
"grep" will GRAB all the lines that have "cmd.exe" from the apache access_log, then "awk" will filter out the IP, and the result is sorted out by the command "sort". "uniq" will remove duplicate IPs and give a unique value and finally "wc -l" will count the total lines.
In short, that number is the no. of times that my server was scanned by "bad guys/nimda/code red/ etc .. "
Conclusion:
My server got 33,323 scans from 2344 unique IPs
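
An added example, not part of the original post: the same count done in one awk pass, matching "cmd.exe" only inside the quoted request line (so a referer or user-agent that merely contains the string is not counted) and also listing the busiest source IPs. The function names and the sample log lines are constructed for illustration; the log is assumed to be in Apache common or combined format.

```shell
#!/bin/sh
# Constructed sample log (documentation IP ranges, made-up requests).
make_sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Oct/2001:10:00:01 +0000] "GET /scripts/cmd.exe HTTP/1.0" 404 289
192.0.2.10 - - [01/Oct/2001:10:00:02 +0000] "GET /scripts/root.exe HTTP/1.0" 404 289
192.0.2.10 - - [01/Oct/2001:10:00:03 +0000] "GET /winnt/system32/cmd.exe HTTP/1.0" 404 289
198.51.100.7 - - [01/Oct/2001:10:05:00 +0000] "GET /winnt/system32/cmd.exe HTTP/1.0" 404 289
203.0.113.5 - - [01/Oct/2001:10:06:00 +0000] "GET /index.html HTTP/1.0" 200 512 "http://example.test/?q=cmd.exe" "Mozilla/4.0"
203.0.113.9 - - [01/Oct/2001:10:07:00 +0000] "GET /scripts/cmd.exe HTTP/1.0" 404 289
EOF
}

# scan_summary FILE -> prints "TOTAL_HITS UNIQUE_IPS"
# Splitting on the double quote makes $2 the request line ("GET /path HTTP/1.0"),
# which stays intact even when the URL itself contains spaces.
scan_summary() {
    awk -F'"' '$2 ~ /cmd\.exe/ {
                   split($1, a, " ")            # a[1] is the client IP
                   hits++
                   if (!(a[1] in seen)) { seen[a[1]]; ips++ }
               }
               END { printf "%d %d\n", hits, ips }' "$1"
}

# top_scanners FILE N -> prints the N busiest sources as "COUNT IP"
top_scanners() {
    awk -F'"' '$2 ~ /cmd\.exe/ { split($1, a, " "); n[a[1]]++ }
               END { for (ip in n) printf "%d %s\n", n[ip], ip }' "$1" |
        sort -k1,1nr -k2,2 | head -n "$2"
}

# Demo on the constructed log.
log=$(mktemp)
make_sample_log > "$log"
echo "hits / unique IPs: $(scan_summary "$log")"
echo "top sources:"
top_scanners "$log" 3
rm -f "$log"
```

On the sample, a plain `grep cmd.exe` matches five lines because it also picks up the referer on the `/index.html` request, while the request-line match reports four hits from three addresses.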
