On Wed, 20 Feb 2002 05:32:04 -0500 Bill Day <[EMAIL PROTECTED]> wrote:
> I do believe that is the nimda freak, code red would entail > default.ida?NNNNNNNN ( or XXXXX, 0000000) > > linux.nf is no more. All things are the same with the domain change > of linux-sxs.org > > HTH, > > > On Wednesday 20 February 2002 03:10, you were heard blurting out: > > On Tue, 19 Feb 2002 22:04:48 -0800 > > > > Ken Moffat <[EMAIL PROTECTED]> wrote: > > > Here is part of my apache error_log, > > > which makes me think someone is trying to gain access. > > > Could this be some cracker? > > > There are a whole bunch of these in the log. > > > > > > Anyone know .... ? > > > [Tue Feb 19 05:34:49 2002] > > > [error] [client 216.162.75.7] File does not exist: > > > /var/www/html/d/winnt/system32/cmd.exe > > > > > > > > > I wonder who is 216.162.75.7? > > > > someone with an infected Windows IIS box, IIRC this is the "code > > red" worm. > > -- > Bill Day I have a linksys 4 port router as gateway from a cisco 675 (dsl), and had ports 21, 23, and 80 open on the linksys for testing purposes. Guess that's out. This stuffs ticks me off. Jut when I started having fun. This is apparently outside my house, not my win95 machine here, judging by the ip address of the probes, yes? (I'm reading up on security.) Thanks. -- Ken Moffat [EMAIL PROTECTED] (remove _NO_SPAM_)! _______________________________________________ Linux-users mailing list - http://linux-sxs.org/mailman/listinfo/linux-users Subscribe/Unsubscribe info, Archives,and Digests are located at the above URL.
