[40247] in North American Network Operators' Group
Re: Code Red Hammering Away
daemon@ATHENA.MIT.EDU (michael@aplatform.com)
Sat Aug 4 19:37:18 2001
Date: Sat, 4 Aug 2001 16:36:43 -0700 (PDT)
From: <michael@aplatform.com>
To: Advanced Hosting UNIX Admin Daniel Fairchild <danielf@supportteam.net>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <01080417354307.02314@hades>
Message-ID: <Pine.LNX.4.33.0108041636240.4918-100000@aplatform.com>
Yup, I'm seeing the XXXX's now. :((
Another round??
Michael...
On Sat, 4 Aug 2001, Advanced Hosting UNIX Admin Daniel Fairchild wrote:
>
> Speaking of sharing experiences, it is beating the crap out of our unix
> servers. We install application firewalls on all the NT machines and they were
> patched anyway before the last one hit. But all the requests to the port 80
> are taking down the webserver and affecting the machine because of access
> logs.
>
> bummer. :(
>
>
> On Saturday 04 August 2001 16:24, you wrote:
> > Le (On) Sat, Aug 04, 2001 at 05:14:09PM -0400, Bob K ecrivit (wrote):
> > > > > 4:53:48pm|melange@host:/home/melange> grep default.ida /var/log/httpd-access.log | grep XXXXX | wc -l
> > > > > 6
> > > >
> > > > I've started seeing LOTS of XXXXX hits as of approx 1 hour ago.
> > > > 5 in one hour and counting...
> > >
> > > Just for reference, here's the logs of this new variant:
> >
> > Pretty interesting, maybe all nanog-post subscribers could share their
> > experience with this worm too. Especially if you've seen a lot of non-[XN]
> > alphanumerical chars.
> >
> > Sorry, but this worm caused more damage to mailing lists than anything
> > else on the Internet. Looks more like a chain-letter...
>
> --
> Advanced Hosting UNIX Admin | Daniel Fairchild danielf@supportteam.net
> To rate my service or provide feedback, please visit the following URL:
> http://www.supportteam.net/rate.php3
>
> Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
>
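
The grep pipeline quoted in the thread counts only the XXXXX hits. As an added example that is not part of any poster's message, the sketch below tallies `/default.ida` requests by padding character (N, X, or anything else) along with the number of distinct sources for each. It assumes a Common Log Format access log; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): tally /default.ida requests in a
# Common Log Format access log by the character that pads the query string.

# Constructed sample lines; addresses are documentation ranges and the
# padding is shortened to a bare run of one character.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [04/Aug/2001:16:01:02 -0700] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 205
192.0.2.10 - - [04/Aug/2001:16:03:40 -0700] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 205
198.51.100.7 - - [04/Aug/2001:16:05:11 -0700] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 205
203.0.113.44 - - [04/Aug/2001:16:09:27 -0700] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 205
203.0.113.45 - - [04/Aug/2001:16:12:03 -0700] "GET /default.ida?AAAAAAAAAAAAAAAA HTTP/1.0" 404 205
203.0.113.46 - - [04/Aug/2001:16:12:59 -0700] "GET /index.html HTTP/1.0" 200 1043
EOF
}

# Reads a log on stdin; prints "class hits distinct_sources" for N, X, other.
classify_ida_hits() {
    awk '
    index($7, "/default.ida?") == 1 {          # $7 = request path in CLF
        q = substr($7, length("/default.ida?") + 1)
        c = substr(q, 1, 1); n = 0
        # Measure the leading run of one repeated character.
        while (c != "" && substr(q, n + 1, 1) == c) n++
        # Same threshold as the grep in the thread: a run of 5+ chars.
        cls = (n >= 5 && (c == "N" || c == "X")) ? c : "other"
        hits[cls]++
        if (!((cls, $1) in seen)) { seen[cls, $1] = 1; srcs[cls]++ }
    }
    END {
        split("N X other", order, " ")
        for (i = 1; i <= 3; i++)
            printf "%s %d %d\n", order[i], hits[order[i]], srcs[order[i]]
    }'
}

sample_log | classify_ida_hits
```

The "other" row covers the non-[XN] padding one poster asks about; a non-zero count there is the signal to pull those lines and look at them directly.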