"Luis.F.Correia" wrote:
>
> Last night, while browsing around I started to get entries
> like this on my logs.
> Is this a CodeRed scan?
> ---------------------------------------------------------
>
> Sep 20 23:28:15 porteiro kernel: Packet log: input DENY ppp0 PROTO=6
> 193.13.81.201:1201 193.126.171.3:80 L=48 S=0x00 I=46155 F=0x4000 T=112 SYN
> (#37)
Because of the timing of this, it is not likely to be a CodeRed scan,
but a scan from a new Beast which combines a Java virus, and email
virus, and a network worm - called Nmida; these scans are likely to be
from a compromised host looking for others to infect.
However, without seeing the payload, it is impossible to tell for
certain, even as Pi has said.
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
