RE: [expert] Strange Hits
it might still be codered or nimda,, my port 80 is still getting hammered by them.. you can tell by starting your web server, opening your firewall on port 80, then checking your server log. /var/log/httpd/error_log if you see a heap of calls to a file called cmd.exe or default.ida (there are a couple of others too) then thats the problem, code red and nimda. rgds Frank -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Angus BeathSent: Wednesday, 16 October 2002 10:46 AMTo: [EMAIL PROTECTED]Subject: Re: [expert] Strange Hitsdude, you are probably being portscanned by a range of machines that have been infected with a virus - klez or slapper or something similar. Your firewall should cover you quite nicely. Angus On Wed, 2002-10-16 at 12:07, Sevatio wrote: LM8.2 service: attbi I keep getting hits on port 80 from the following addresses. I'm curious if any of you know why. I don't have a apache running but have a firewall up that catching these hits. Why would they keep visiting even when I don't have my server running? These are the IP addresses that have been logged in the last hour. 12.235.161.16 12.228.11.35 12.235.65.112 12.235.79.28 12.235.104.77 12.235.81.111 The IP addresses point to some location in Parsippani NJ. I used the visualroute to locate origin. http://visualroute.visualware.com/ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Strange Hits
LM8.2 service: attbi I keep getting hits on port 80 from the following addresses. I'm curious if any of you know why. I don't have a apache running but have a firewall up that catching these hits. Why would they keep visiting even when I don't have my server running? These are the IP addresses that have been logged in the last hour. 12.235.161.16 12.228.11.35 12.235.65.112 12.235.79.28 12.235.104.77 12.235.81.111 The IP addresses point to some location in Parsippani NJ. I used the visualroute to locate origin. http://visualroute.visualware.com/ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Strange Hits
dude, you are probably being portscanned by a range of machines that have been infected with a virus - klez or slapper or something similar. Your firewall should cover you quite nicely. Angus On Wed, 2002-10-16 at 12:07, Sevatio wrote: LM8.2 service: attbi I keep getting hits on port 80 from the following addresses. I'm curious if any of you know why. I don't have a apache running but have a firewall up that catching these hits. Why would they keep visiting even when I don't have my server running? These are the IP addresses that have been logged in the last hour. 12.235.161.16 12.228.11.35 12.235.65.112 12.235.79.28 12.235.104.77 12.235.81.111 The IP addresses point to some location in Parsippani NJ. I used the visualroute to locate origin. http://visualroute.visualware.com/ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com