It looks like my system is being hacked for the past 6 days. But am I safe running a linux box? Running Redhat 8.0 apache port forwarded. A windows 2000 system not accessed to externally. Running IP-Cop 1.3.0 with full updates. Port 21, 80, 22 forwarded to my linux web-server.
Seem like these people are running something to test my systems durability. Can someone offer some suggestions? Jason Total of number of Intrusion rules activated for June 6: 73 Date: 06/06 02:17:16 Name: WEB-IIS CodeRed v2 root.exe access Priority: 1 Type: Web Application Attack IP info: 68.113.xxx.xxx:1475 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1256 Date: 06/06 02:17:17 Name: WEB-IIS CodeRed v2 root.exe access Priority: 1 Type: Web Application Attack IP info: 68.113.xxx.xxx:1494 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1256 Date: 06/06 02:17:17 Name: WEB-IIS cmd.exe access Priority: 1 Type: Web Application Attack IP info: 68.113.xxx.xxx:1513 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1002 Date: 06/06 02:17:17 Name: WEB-IIS cmd.exe access Priority: 1 Type: Web Application Attack IP info: 68.113.xxx.xxx:1523 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1002 Date: 06/06 02:17:18 Name: WEB-IIS unicode directory traversal attempt Priority: 1 Type: Web Application Attack IP info: 68.113.xxx.xxx:1536 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1945 Date: 06/06 02:17:18 Name: WEB-FRONTPAGE /_vti_bin/ access Priority: 2 Type: access to a potentially vulnerable web application IP info: 68.113.xxx.xxx:1554 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1288 Date: 06/06 02:17:19 Name: WEB-IIS _mem_bin access Priority: 2 Type: access to a potentially vulnerable web application IP info: 68.113.xxx.xxx:1574 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1286 Date: 06/06 02:17:19 Name: WEB-IIS unicode directory traversal attempt Priority: 1 Type: Web Application Attack IP info: 68.113.xxx.xxx:1586 -> xxx.xxx.xxx.xxx:80 References: none found SID: 982 Date: 06/06 02:17:41 Name: WEB-IIS unicode directory traversal attempt Priority: 1 Type: Web Application Attack IP info: 68.113.xxx.xxx:1598 -> xxx.xxx.xxx.xxx:80 References: none found SID: 982 Date: 06/06 02:17:41 Name: WEB-IIS cmd.exe access Priority: 1 Type: Web Application Attack IP info: 68.113.xxx.xxx:2233 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1002 Date: 06/06 02:17:42 Name: WEB-IIS unicode directory traversal attempt Priority: 1 Type: Web Application Attack IP info: 68.113.xxx.xxx:2251 -> xxx.xxx.xxx.xxx:80 References: none found SID: 981 Date: 06/06 02:17:43 Name: WEB-IIS unicode directory traversal attempt Priority: 1 Type: Web Application Attack IP info: 68.113.xxx.xxx:2272 -> xxx.xxx.xxx.xxx:80 References: none found SID: 983 Date: 06/06 02:17:43 Name: WEB-IIS cmd.exe access Priority: 1 Type: Web Application Attack IP info: 68.113.xxx.xxx:2282 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1002 Date: 06/06 02:17:44 Name: WEB-IIS cmd.exe access Priority: 1 Type: Web Application Attack IP info: 68.113.xxx.xxx:2308 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1002 Date: 06/06 02:17:47 Name: WEB-IIS cmd.exe access Priority: 1 Type: Web Application Attack IP info: 68.113.xxx.xxx:2326 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1002 Date: 06/06 02:17:48 Name: WEB-IIS cmd.exe access Priority: 1 Type: Web Application Attack IP info: 68.113.xxx.xxx:2406 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1002 Date: 06/06 05:08:24 Name: WEB-IIS CodeRed v2 root.exe access Priority: 1 Type: Web Application Attack IP info: 68.48.xxx.xxx:2350 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1256 Date: 06/06 05:08:25 Name: WEB-IIS CodeRed v2 root.exe access Priority: 1 Type: Web Application Attack IP info: 68.48.xxx.xxx:2372 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1256 Date: 06/06 05:08:25 Name: WEB-IIS cmd.exe access Priority: 1 Type: Web Application Attack IP info: 68.48.xxx.xxx:2378 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1002 Date: 06/06 05:08:26 Name: WEB-IIS cmd.exe access Priority: 1 Type: Web Application Attack IP info: 68.48.xxx.xxx:2386 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1002 Date: 06/06 05:08:26 Name: WEB-IIS unicode directory traversal attempt Priority: 1 Type: Web Application Attack IP info: 68.48.xxx.xxx:2393 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1945 Date: 06/06 05:08:29 Name: WEB-FRONTPAGE /_vti_bin/ access Priority: 2 Type: access to a potentially vulnerable web application IP info: 68.48.xxx.xxx:2416 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1288 Date: 06/06 05:08:30 Name: WEB-IIS _mem_bin access Priority: 2 Type: access to a potentially vulnerable web application IP info: 68.48.xxx.xxx:2524 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1286 Date: 06/06 05:08:30 Name: WEB-IIS unicode directory traversal attempt Priority: 1 Type: Web Application Attack IP info: 68.48.xxx.xxx:2527 -> xxx.xxx.xxx.xxx:80 References: none found SID: 982 Date: 06/06 05:08:30 Name: WEB-IIS unicode directory traversal attempt Priority: 1 Type: Web Application Attack IP info: 68.48.xxx.xxx:2533 -> xxx.xxx.xxx.xxx:80 References: none found SID: 982 Date: 06/06 05:08:30 Name: WEB-IIS cmd.exe access Priority: 1 Type: Web Application Attack IP info: 68.48.xxx.xxx:2539 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1002 Date: 06/06 05:08:31 Name: WEB-IIS unicode directory traversal attempt Priority: 1 Type: Web Application Attack IP info: 68.48.xxx.xxx:2546 -> xxx.xxx.xxx.xxx:80 References: none found SID: 981 Date: 06/06 05:08:31 Name: WEB-IIS unicode directory traversal attempt Priority: 1 Type: Web Application Attack IP info: 68.48.xxx.xxx:2550 -> xxx.xxx.xxx.xxx:80 References: none found SID: 983 Date: 06/06 05:08:31 Name: WEB-IIS cmd.exe access Priority: 1 Type: Web Application Attack IP info: 68.48.xxx.xxx:2555 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1002 Date: 06/06 05:08:31 Name: WEB-IIS cmd.exe access Priority: 1 Type: Web Application Attack IP info: 68.48.xxx.xxx:2561 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1002 Date: 06/06 05:08:31 Name: WEB-IIS cmd.exe access Priority: 1 Type: Web Application Attack IP info: 68.48.xxx.xxx:2569 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1002 Date: 06/06 05:08:32 Name: WEB-IIS cmd.exe access Priority: 1 Type: Web Application Attack IP info: 68.48.xxx.xxx:2576 -> xxx.xxx.xxx.xxx:80 References: none found SID: 1002 Date: 06/06 05:15:14 Name: MS-SQL Worm propagation attempt Priority: 2 Type: Misc Attack IP info: 66.111.41.xxx:1517 -> xxx.xxx.xxx.xxx:1434 References: none found SID: 2003 Date: 06/06 06:28:34 Name: SCAN SOCKS Proxy attempt Priority: 2 Type: Attempted Information Leak IP info: 200.157.xxx.xxx:55095 -> xxx.xxx.xxx.xxx:1080 References: none found SID: 615 Date: 06/06 06:28:34 Name: SCAN Squid Proxy attempt Priority: 2 Type: Attempted Information Leak IP info: 200.157.xxx.xxx:37028 -> xxx.xxx.xxx.xxx:3128 *snip*
