On Wed, 30 Jan 2002, you wrote: > Just a telnet to port 25 will tell you if a mail server is running. I don't > advocate running a scan or doing anything unnecessary. Notifying them that > their computer is infected would be a nice thing to do.
But by the time you read your log file, that IP number might be allocated to another user, or temporarily not allocated. Unless they have a fixed IP which not many home users have (assuming it's a home user). Then again, if they're infected with Code Red they must have had IIS running at some stage, but there are plenty of home web servers using a dynamic dns service. I can't imagine any professional web master still running an un-patched IIS :-> so I assume it's a home user ... Yuri
