>From: "Fritz Mesedilla" <[EMAIL PROTECTED]>
>To: "PLUG Mailing List" <[EMAIL PROTECTED]>
>Date: Tue, 11 Sep 2001 18:47:27 +0800
>Subject: [plug] ip address trace route
>
>can anyone suggest a good trace program or trace router?
>i received another code red or sircam attempt:
>
>210.102.220.95 - - [11/Sep/2001:18:48:20 +0800] "GET
>/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
><<snip snip>>
>
>kawawa naman sysad nito. tinamaan siya ng virus.
it can be anybody... it can be a dialup user... it can be a kid next door
searching the web for teletubbies pics (her dad, a dentist's assistant in
your city's hospital is not aware that IIS is enabled when he got his pc
from the local pcstore and probably doenst even know what IIS is...) ....
it can be anywhere... the owner may even not know he/she has it... code red
scans the internet for vulnerable hosts randomly...
i just ignore it (as long as its not coming from the localnet)... but i
count them just for the fun of it... :)... im having like close to a
hundred codered attempts a day... (instead of having a kiddie homepage hits
counter, have something techie like "NNN Code Red hits since $date".... :P
> <<snip snip>>
>
>Anyway, sana mabigyan niyo ako ng tracing program. Something that can give
>me an idea who is trying to enter our servers.
our friend traceroute should be sufficient... but if you want something
fancy, there is geotrace ( http://geotrace.sourceforge.net/ )...
:) cheers...
gari
:: [EMAIL PROTECTED] | http://pgpkey.melecio.org/
:: Key Fingerprint: 3bb0 4a3a 1fac c9ea d20a d838 7308 2114 7fd9 994c
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
