CR II is also known to use fake IP numbers. While those are CR I, I
wouldn't bank on the fact that the hosts are accurate.
Especially, as Tracy suggested, that they may be running on a dial-up
service where IP numbers change at each connection.

Just filter them.

-- 

Jeremy Wadsack
Wadsack-Allen Digital Group

Doug Nelson ([EMAIL PROTECTED]):

> Could I do an analog and pull out the IPs and somehow contact the 
> administrator of those sites?

> I bet a script exists somewhere to mail webmaster@ whatever address it is 
> coming from using logic like in the "How do I send the report to one 
> person..." message from a few days ago.

> I would think this would help to cut down virus infections on a big scale, 
> no?



> -----Original Message-----
> From:   Tracy McKibben [SMTP:[EMAIL PROTECTED]]
> Sent:   Tuesday, August 21, 2001 12:52 PM
> To:     [EMAIL PROTECTED]
> Subject:        Re: [analog-help] default.ida

> You're safe on that platform, but you'll still see attempted attacks.  Your
> logs should show the IP that the request came from, but it'll be nothing
> more than another infected machine.


> ----- Original Message -----
> From: "Doug Nelson" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, August 21, 2001 11:47 AM
> Subject: RE: [analog-help] default.ida


>> We run a Linux/Apache server. This virus only attacks Windows servers,
>> correct?
>>
>> Is there anything I need to do? Is there a way to see where it is coming
>> from? Anyone I should report this to?
>>
>>
>> Doug
>>
>> -----Original Message-----
>> From: Tracy McKibben [SMTP:[EMAIL PROTECTED]]
>> Sent: Tuesday, August 21, 2001 12:44 PM
>> To: [EMAIL PROTECTED]
>> Subject: Re: [analog-help] default.ida
>>
>> That would be the Code Red worm, attempting to infect your server...
>>
>> ----- Original Message -----
>> From: "Doug Nelson" <[EMAIL PROTECTED]>
>> To: <[EMAIL PROTECTED]>
>> Sent: Tuesday, August 21, 2001 11:38 AM
>> Subject: [analog-help] default.ida
>>
>>
>> > Does anybody know what would cause the following to appear in the
>> > "Failure Report"?
>> >
>> > 34: /default.ida
>> > 34: /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>> > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>> > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>> > XXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
>> > 090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0
>> > 078%u0000%u00=a
>> >
>> >
>> > +------------------------------------------------------------------------
>> > |  This is the analog-help mailing list. To unsubscribe from this
>> > |  mailing list, go to
>> > |    http://lists.isite.net/listgate/analog-help/unsubscribe.html
>> > |
>> > |  List archives are available at
>> > |    http://www.mail-archive.com/[email protected]/
>> > |    http://lists.isite.net/listgate/analog-help/archives/
>> > |    http://www.tallylist.com/archives/index.cfm/mlist.7
>> > +------------------------------------------------------------------------
>> >
>>
>>
>> ---
>> Outgoing mail is certified Virus Free.
>> Checked by AVG anti-virus system (http://www.grisoft.com).
>> Version: 6.0.268 / Virus Database: 140 - Release Date: 8/7/2001
>>



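One way to act on the "just filter them" advice before the log reaches the analyzer, as an added example that is not part of the original thread: it separates `/default.ida` probes of the shape quoted above from ordinary requests and tallies the reporting hosts. It assumes Apache Common Log Format; the function name `split_log`, the regexes and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) (\S+)$')

# /default.ida with a query made of a long run of one repeated filler
# character followed by %uXXXX escapes, as in the Failure Report above.
PROBE = re.compile(r'^GET /default\.ida\?(.)\1{50,}(?:%u[0-9a-f]{4})+', re.I)


def split_log(lines):
    """Return (clean_lines, probes_per_host, unparsed_lines)."""
    clean, unparsed = [], []
    probes = Counter()
    for line in lines:
        m = CLF.match(line.rstrip("\n"))
        if not m:
            unparsed.append(line)   # keep for manual review, never drop silently
            continue
        host, request = m.group(1), m.group(2)
        if PROBE.match(request):
            probes[host] += 1       # the host is only another infected machine
        else:
            clean.append(line)
    return clean, probes, unparsed


# Constructed sample data (documentation-range addresses, made-up timestamps).
ESCAPES = "%u9090%u6858%ucbd3%u7801"   # first escapes from the quoted report
TS = "[21/Aug/2001:11:38:02 -0500]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET /index.html HTTP/1.0" 200 5120',
    f'198.51.100.7 - - {TS} "GET /default.ida?{"X" * 224}{ESCAPES} HTTP/1.0" 404 283',
    f'198.51.100.7 - - {TS} "GET /default.ida?{"X" * 224}{ESCAPES} HTTP/1.0" 404 283',
    f'203.0.113.5 - - {TS} "GET /default.ida?{"N" * 224}{ESCAPES} HTTP/1.0" 404 283',
    f'192.0.2.10 - - {TS} "GET /search?q=default.ida HTTP/1.0" 200 812',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    clean, probes, unparsed = split_log(SAMPLE)
    print(f"{len(clean)} clean, {sum(probes.values())} probes, {len(unparsed)} unparsed")
    for host, count in probes.most_common():
        print(f"{count:4d}  {host}")
```

The per-host tally is useful for trend counting only; as the thread notes, the addresses may be dial-up or otherwise unreliable.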