The new Code Red 3 worm is messing up everyone's (Win2K) ARP tables as part
of what it does. Don't be too surprised to see weird things like this for
the next few weeks.
W
-----Original Message-----
From: Bernhard Rosenkraenzer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 07, 2001 2:23 PM
To: [EMAIL PROTECTED]
Subject: Re: My apache server being spoofed?
On Tue, 7 Aug 2001, sum1 wrote:
> adsl-80-104-130.jax.bellsouth.net - - [06/Aug/2001:16:39:31 -0400] "GET
> http://www.s3.com/ HTTP/1.1" 200 1955 "-" "Mozilla/4.0 (compatible; MSIE
4.01;
> Windows 98)"
>
> Now, it seems like someone tried to redirect my headers to s3.com,
This looks like someone attempted to use your server as a proxy for
whatever reason. Proxies will respond to that query.
> but i'm not sure why, or what this would have gained them...
Either a misconfiguration, or anonymization (using a proxy that isn't a
proxy can be quite useful for disappearing from logs of servers you want
to do anything evil to (such as abusing them for sending spam))
> The interesting thing
> is that the http request did yield a 200 response, and not a 404... pretty
> soon after that (within about 10 minutes), i got this in my messages log:
Did you enable the apache proxy module without configuring it?
> Aug 6 16:42:42 thedarksighed modprobe: Note: /etc/modules.conf is more
> recent than /lib/modules/2.4.2-2/modules.dep
This is entirely unrelated, and not a problem. It just means that
something (probably kudzu) changed your modules.conf after the last time
you updated your kernel.
Speaking of it, you should really get the kernel from errata (2.4.3-12).
LLaP
bero
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
