this stupid little thing is what's currently pounding linux.nf
I wish other admins would keep their machines locked down... what a headche!
---------- Forwarded Message ----------
Subject: 'Code Red' does not seem to be scanning for IIS
Date: Thu, 19 Jul 2001 23:32:53 +0200 (CEST)
From: Mike Brockman <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
>From what i read about the 'Code Red'-worm, it was supposed to be scanning
for IIS-servers. It obviously is'nt, i believe it tries to infect
everything they find on port 80, or something as simple as that.
About three to four days ago, i started to get those default.ida-GET's in
my Apache-logs. I shut down the server as fast as i could, and checked for
outgoing connections from my computer, and then did some research.
I was told that it was an IIS-worm, and that it could'nt affect
Apache-servers, so i was safe. I turned the server back on, and from that
day i have received forty-one attempts.
How can this be? Why am i getting so few attempts, if it is as eEye says
-- that every worm-instance has the same seed?
I should be getting tons and tons of tries, if the worm has been around
for this long. Or is it that my IP is high up in the "sequence", and not
many comes that far? If that is the case, the number should be increasing
fast in the near future, right?
I'll come back with a report in a week or so.
________________________________
m'name be mike brockman! jeeh!
_ooh,_und_dunt_feed_my_eskimoes_
-------------------------------------------------------
--
Douglas J. Hunley ([EMAIL PROTECTED]) - Linux User #174778
Admin: http://hunley.homeip.net/ Admin: http://linux.nf/
Brainbench Linux Administration Certified
~~ Now offering Linux admin services for the home user ~~
panic("bad_user_access_length executed (not cool, dude)");
2.0.38 /usr/src/linux/kernel/panic.c
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc
->http://linux.nf/mailman/listinfo/linux-users
