Ken Moffat wrote:
> 
> On Wed, 20 Feb 2002 05:32:04 -0500
> Bill Day <[EMAIL PROTECTED]> wrote:
> 
> > I do believe that is the nimda freak, code red would entail
> > default.ida?NNNNNNNN ( or XXXXX, 0000000)
> >
> > linux.nf is no more.  All things are the same with the domain change
> > of linux-sxs.org
> >
> > HTH,
> >
> >
> > On Wednesday 20 February 2002 03:10, you were heard blurting out:
> > > On Tue, 19 Feb 2002 22:04:48 -0800
> > >
> > > Ken Moffat <[EMAIL PROTECTED]> wrote:
> 
> > > > Here is part of my apache error_log,
> > > > which makes me think someone is trying to gain access.
> > > > Could this be some cracker?
> > > > There are a whole bunch of these in the log.
> > > >
> > > > Anyone know .... ?
> 
> > > > [Tue Feb 19 05:34:49 2002]
> > > > [error] [client 216.162.75.7] File does not exist:
> > > > /var/www/html/d/winnt/system32/cmd.exe
> > > >
> > > >
> > > > I wonder who is 216.162.75.7?
> > >
> > > someone with an infected Windows IIS box, IIRC this is the "code
> > > red" worm.
> >
> > --
> >   Bill Day
> 
> I have a linksys 4 port router as gateway from a cisco 675 (dsl), and
> had ports 21, 23, and 80 open on the linksys for testing purposes.
> Guess that's out. This stuff ticks me off. Just when I started having
> fun. This is apparently outside my house, not my win95 machine here,
> judging by the ip address of the probes, yes?

This worm has been out there for quite some time, and is well
established on the computers of hundreds of thousands of dumb yucks who
either don't care or are just too dense to fix/secure their servers.

You don't have anything to worry about from this critter as you aren't
running M$ IIS.

Check the list archives for "Apache Error Log" to see how to keep this
out of your logs, and look into EarlyBird (treachery.net) which is an
automatic notification script that generates emails to
[EMAIL PROTECTED] letting them know attacks are coming from within
their networks...although not many respond <surprise!>.

> 
> (I'm reading up on security.)

Always a good idea...before you open any ports.

-- 
Linux SxS [http://sxs.homeip.net/]
_______________________________________________
Linux-users mailing list - http://linux-sxs.org/mailman/listinfo/linux-users
Subscribe/Unsubscribe info, Archives, and Digests are located at the above URL.
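
A way to triage the error_log entries discussed in this thread, as an added example that is not part of the original messages: it labels each "File does not exist" probe using the two signatures the thread names (cmd.exe under winnt/system32 for Nimda, default.ida for Code Red) and reports whether the client address lies outside the LAN. The RFC 1918 LAN ranges, the function names and all sample lines except the first (the entry quoted above, joined onto one line) are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Apache 1.3 error_log entry: [date] [error] [client IP] File does not exist: PATH
LINE_RE = re.compile(
    r"^\[(?P<when>[^\]]+)\]\s+\[error\]\s+\[client (?P<ip>[0-9.]+)\]\s+"
    r"File does not exist:\s+(?P<path>\S+)$"
)
# Signatures as given in the thread. error_log records the mapped filesystem
# path, so the ?NNNN/XXXX query string of a default.ida request is not visible.
SIGNATURES = [
    ("nimda", re.compile(r"/winnt/system32/cmd\.exe$", re.I)),
    ("code-red", re.compile(r"/default\.ida$", re.I)),
]
# Assumption: the home LAN behind the router uses RFC 1918 addresses.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(line):
    """Return (ip, worm, is_external) for a worm probe line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    for name, sig in SIGNATURES:
        if sig.search(m["path"]):
            addr = ipaddress.ip_address(m["ip"])
            external = not any(addr in net for net in LAN_NETS)
            return m["ip"], name, external
    return None

def summarize(lines):
    """Count probes per (ip, worm, is_external) tuple."""
    return Counter(hit for hit in map(classify, lines) if hit)

# Constructed sample; only the first entry comes from the thread.
SAMPLE = """\
[Tue Feb 19 05:34:49 2002] [error] [client 216.162.75.7] File does not exist: /var/www/html/d/winnt/system32/cmd.exe
[Tue Feb 19 05:34:50 2002] [error] [client 216.162.75.7] File does not exist: /var/www/html/c/winnt/system32/cmd.exe
[Tue Feb 19 06:01:12 2002] [error] [client 192.0.2.44] File does not exist: /var/www/html/default.ida
[Tue Feb 19 06:10:03 2002] [error] [client 192.168.1.20] File does not exist: /var/www/html/favicon.ico
""".splitlines()

if __name__ == "__main__":
    for (ip, worm, external), n in summarize(SAMPLE).items():
        print(f"{ip:15} {worm:8} probes={n} external={external}")
```

A probe whose client address falls inside LAN_NETS would point at an infected machine on the local side of the router rather than at traffic arriving through the forwarded port.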
