WTC follow up
Announce Communications Inc may be able to assist if anyone affected by NYC disasters needs help. Send email to [EMAIL PROTECTED] and if we can we'll be of assistance.

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Frequent Strange Requests
L.S.,

While scanning my Apache Access logs I recently discovered that my webserver gets some strange requests. While just guessing I can say I get these requests about 10 to 25 times a day. My site is just a personal site, no commercial activities are done here.

212.1.145.112 - - [12/Sep/2001:15:37:33 +0200] GET /default.ida?XXX
X%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u%u00=a

Can anybody tell me what this is, whether to worry about it and what to do about it.

Thanks in advance,
Auke Rensen
System Engineer
Re: Frequent Strange Requests
that would be either code red or one of its variants, you should be able to safely ignore it on anything but IIS servers. as far as what you can do about it there isn't really much, maybe block it with an IDS but other than that just sit back and watch the logs scroll past.

andrew

On Wed, 12 Sep 2001 13:22:06 Auke Rensen wrote:
> L.S.,
>
> While scanning my Apache Access logs I recently discovered that my webserver gets some strange requests. While just guessing I can say I get these requests about 10 to 25 times a day. My site is just a personal site, no commercial activities are done here.
>
> 212.1.145.112 - - [12/Sep/2001:15:37:33 +0200] GET /default.ida?XXX
> X%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
> u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u%u00=a
>
> Can anybody tell me what this is, whether to worry about it and what to do about it.
>
> Thanks in advance,
> Auke Rensen
> System Engineer
RE: Frequent Strange Requests
This is the code red virus trying to harm the webserver thinking you have NT IIS webserver I believe, I get 10,000 - 25,000 a day on our busy webserver. As I heard there is a way to block requests to your webserver by the request itself which is default.ida, am not sure how to do it but I heard this somewhere.

QualityNet - Kuwait
Bashar A. AlAbdulhadi
I.S. Department
UNIX Systems Administrator
TEL: 80 Ext. 637
FAX: 965-213790
www.qualitynet.net

-Original Message-
From: Auke Rensen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 12, 2001 8:22 PM
To: [EMAIL PROTECTED]
Subject: Frequent Strange Requests

L.S.,

While scanning my Apache Access logs I recently discovered that my webserver gets some strange requests. While just guessing I can say I get these requests about 10 to 25 times a day. My site is just a personal site, no commercial activities are done here.

212.1.145.112 - - [12/Sep/2001:15:37:33 +0200] GET /default.ida?XXX
X%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u%u00=a

Can anybody tell me what this is, whether to worry about it and what to do about it.

Thanks in advance,
Auke Rensen
System Engineer
Re: Frequent Strange Requests
On Wed, 12 Sep 2001, Auke Rensen wrote:
> While scanning my Apache Access logs I recently discovered that my webserver gets some strange requests. While just guessing I can say I get these requests about 10 to 25 times a day.
>
> 212.1.145.112 - - [12/Sep/2001:15:37:33 +0200] GET /default.ida?XXX

As others have mentioned, this is probably the Code Red worm or derivative.

Is the remote client IP always (or frequently the same)? Then you may want to consider firewalling that IP on that port (80). (But probably not needed since you only receive a few a day.)

You can also consider reporting the problem to the admin of that remote host so they can fix their machine.

Is that IP one of your own (Windows-based) systems? If so, then this clue can lead you to it so you can fix it.

Do some searches for code red; you'll find a variety of ideas and scripts to help with this problem.

Another reason to run open source operating systems and open source software :)

Jeremy C. Reed
http://www.reedmedia.net/
http://bsd.reedmedia.net/ -- BSD news and resources
http://www.isp-faq.com/ -- find answers to your questions
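The question raised in the replies above, whether the `/default.ida` requests keep coming from the same client, can be answered from the access log itself. The following is an added example, not code from any poster in this thread; it assumes Apache common/combined log format, and the sample lines, addresses and the threshold of 3 are constructed.

```python
import re
from collections import Counter

# Apache common/combined log format; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def is_ida_probe(target):
    """True when the request path is /default.ida, whatever the query string."""
    path = target.split("?", 1)[0]
    return path.lower() == "/default.ida"

def summarize(lines, repeat_threshold=3):
    """Tally /default.ida requests per client and flag the cases worth a look."""
    by_ip, answered, unparsed = Counter(), [], 0
    for line in lines:
        if not line.strip():
            continue
        m = LOG_RE.match(line)
        if m is None:
            unparsed += 1          # count malformed lines instead of dropping them
            continue
        if not is_ida_probe(m["target"]):
            continue
        by_ip[m["ip"]] += 1
        if m["status"] != "404":   # Apache has no such file, so 404 is expected
            answered.append((m["ip"], m["status"]))
    repeat = sorted(ip for ip, n in by_ip.items() if n >= repeat_threshold)
    return {"probes": sum(by_ip.values()), "by_ip": dict(by_ip),
            "repeat_sources": repeat, "answered": answered, "unparsed": unparsed}

# Constructed sample lines (documentation addresses, shortened query string).
PROBE = '"GET /default.ida?XXXXXXXX%u9090%u6858%ucbd3%u7801=a HTTP/1.0" 404 276'
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Sep/2001:15:37:33 +0200] ' + PROBE,
    '192.0.2.10 - - [12/Sep/2001:15:52:01 +0200] ' + PROBE,
    '198.51.100.7 - - [12/Sep/2001:16:01:12 +0200] "GET /index.html HTTP/1.0" 200 5120',
    '203.0.113.5 - - [12/Sep/2001:16:20:45 +0200] ' + PROBE,
    '192.0.2.10 - - [12/Sep/2001:17:03:09 +0200] ' + PROBE,
    'this line is not a log entry',
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A client listed under `repeat_sources` is a candidate for a firewall rule or a report to its network's admin; an entry under `answered` means something on the server responded to that path with a status other than 404 and should be checked.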
Timeout of DNS
Hello,

I have configured named to have my own DNS. But I often have problem of timeout. Can anyone tell me what parameter I should change to resolve this problem?

Best regards
Re: Timeout of DNS
On Wed, 12 Sep 2001, Luc MAIGNAN wrote:
> I have configured named to have my own DNS. But I often have problem of timeout. Can anyone tell me what parameter I should change to resolve this problem ?

Tell us more about your real problem, so we don't have to guess and we can give you the answer you need. (Timeout can mean a lot of things in regards to DNS.)

Do you mean lookups (like dig, nslookup, gethostbyname) are timing out?

Do you mean a zone record has expired?

Do you mean a slave/secondary zone is not updated?

Jeremy C. Reed
http://www.reedmedia.net/
http://bsd.reedmedia.net/ -- BSD news and resources
http://www.isp-faq.com/ -- find answers to your questions
Re: Ethernet Card recommendation
Gavin Hamill [EMAIL PROTECTED] writes:
> > We use the D-Link 530TX, it's a 4 port card based on the tulip chipset (21152 to be exact) ... they've worked flawlessly for us in many different environments.
>
> Yes, the 570TX (I think it's 570 rather than 530) is an excellent card, but I'd expect no less from a DEC-based chipset. :)

Right you are ... I should have learned by now not to rely on my memory!

--
Fraser Campbell [EMAIL PROTECTED]
Starnix Inc.
Telephone: (905) 771-0017
Thornhill, Ontario, Canada
http://www.starnix.com/
Professional Linux Services Products
Re: Frequent Strange Requests
Hi

Yes. This is the code red - worm. It passed also our systems. And the only thing, as a good user, you can inform the one sending this request to you.

The IP-Address got the hostname ppp-2-112.cvx3.telinco.net. It seems, that this comes from a dialup-connection. More interesting is a whois with this ip:

---
Telinco Internet Services plc (TELINCO2-DOM)
Sirius House Alderly Road
Chelford N/A, SK11 9AP
UK

Domain Name: TELINCO.NET

Administrative Contact, Technical Contact, Billing Contact:
Telinco (TE360-ORG) [EMAIL PROTECTED]
Telinco Plc
Sirius House, Alderley Road
Chelford, Cheshire SK11 9AP
UK
+44 (0)1625 862 200
Fax- - +44 (0)1625 860 251
---

You may write an email to them. The rest should be made there...

Regards
Michael Blickenstorfer
Chef System Administrator

On Wed, Sep 12, 2001 at 07:22:06PM +0200, Auke Rensen wrote:
> L.S.,
>
> While scanning my Apache Access logs I recently discovered that my webserver gets some strange requests. While just guessing I can say I get these requests about 10 to 25 times a day. My site is just a personal site, no commercial activities are done here.
>
> 212.1.145.112 - - [12/Sep/2001:15:37:33 +0200] GET /default.ida?XXX
> X%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
> u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u%u00=a
>
> Can anybody tell me what this is, whether to worry about it and what to do about it.
>
> Thanks in advance,
> Auke Rensen
> System Engineer

--
Cyberlink Internet Services AG    Tel +41 1 287 2992
SystemAdministration              Tel +41 1 287 2993
Richard Wagnerstrasse 6           Fax +41 1 287 2991
CH-8002 Zuerich                   [EMAIL PROTECTED]
http://www.cyberlink.ch
Re: Timeout of DNS
You missed something: Firewall? DNS-Services need open ports...

Regards
Michael Blickenstorfer

On Wed, Sep 12, 2001 at 12:54:36PM -0700, Jeremy C. Reed wrote:
> On Wed, 12 Sep 2001, Luc MAIGNAN wrote:
> > I have configured named to have my own DNS. But I often have problem of timeout. Can anyone tell me what parameter I should change to resolve this problem ?
>
> Tell us more about your real problem, so we don't have to guess and we can give you the answer you need. (Timeout can mean a lot of things in regards to DNS.)
>
> Do you mean lookups (like dig, nslookup, gethostbyname) are timing out?
>
> Do you mean a zone record has expired?
>
> Do you mean a slave/secondary zone is not updated?
>
> Jeremy C. Reed
> http://www.reedmedia.net/
> http://bsd.reedmedia.net/ -- BSD news and resources
> http://www.isp-faq.com/ -- find answers to your questions

--
Cyberlink Internet Services AG    Tel +41 1 287 2992
SystemAdministration              Tel +41 1 287 2993
Richard Wagnerstrasse 6           Fax +41 1 287 2991
CH-8002 Zuerich                   [EMAIL PROTECTED]
http://www.cyberlink.ch