[40245] in North American Network Operators' Group
Re: Code Red Hammering Away
daemon@ATHENA.MIT.EDU (Advanced Hosting UNIX Admin Daniel)
Sat Aug 4 18:37:16 2001
From: Advanced Hosting UNIX Admin Daniel Fairchild <danielf@supportteam.net>
To: NANOG <nanog@merit.edu>
Date: Sat, 4 Aug 2001 17:35:43 -0500
Content-Type: text/plain;
charset="us-ascii"
In-Reply-To: <20010804232429.B62580@anthologeek.net>
MIME-Version: 1.0
Message-Id: <01080417354307.02314@hades>
Content-Transfer-Encoding: 8bit
Errors-To: owner-nanog-outgoing@merit.edu
Speaking of sharing experiances it is beating the crap out of our unix
servers we install aplicatino firewalls on all the NT machines and there were
patched anyway before the last one hit. But all the requestes to the port 80
is taking down the webserver and affecting the machine because of access
logs.
bummer. :(
On Saturday 04 August 2001 16:24, you wrote:
> Le (On) Sat, Aug 04, 2001 at 05:14:09PM -0400, Bob K ecrivit (wrote):
> > > > 4:53:48pm|melange@host:/home/melange> grep default.ida
> > > > /var/log/httpd-access.log | grep XXXXX | wc -l 6
> > >
> > > I've started seeing LOTS of XXXXX hits as of approx 1 hour ago.
> > > 5 in one hour and counting...
> >
> > Just for reference, here's the logs of this new variant:
>
> Pretty interesting, maybe all nanog-post subscribers could share their
> experience with this worm too. Especially if you've seen a lot of non-[XN]
> alphanumerical chars.
>
> Sorry, but this worm caused more damages to mailing lists than anything
> else, on the Internet. Looks more like a chain-letter...
--
Advanced Hosting UNIX Admin | Daniel Fairchild danielf@supportteam.net
To rate my service or provide feedback, please visit the following URL:
http://www.supportteam.net/rate.php3
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
