it
might still be codered or nimda,,
my
port 80 is still getting hammered by them..
you
can tell by starting your web server, opening your firewall on port 80, then
checking your server log.
/var/log/httpd/error_log
if you
see a heap of calls to a file called cmd.exe or default.ida (there are a couple
of others too)
then
thats the problem, code red and nimda.
rgds
Frank
-----Original Message-----dude,
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Angus Beath
Sent: Wednesday, 16 October 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Strange Hits
you are probably being portscanned by a range of machines that have been infected with a virus - klez or slapper or something similar. Your firewall should cover you quite nicely.
Angus
On Wed, 2002-10-16 at 12:07, Sevatio wrote:LM8.2 service: attbi I keep getting hits on port 80 from the following addresses. I'm curious if any of you know why. I don't have a apache running but have a firewall up that catching these hits. Why would they keep visiting even when I don't have my server running? These are the IP addresses that have been logged in the last hour. 12.235.161.16 12.228.11.35 12.235.65.112 12.235.79.28 12.235.104.77 12.235.81.111 The IP addresses point to some location in Parsippani NJ. I used the visualroute to locate origin. http://visualroute.visualware.com/
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
