Date: Sat, 26 Jan 2002 18:32:00 +0100 From: Miguel Mendez <flynn@energyhq.homeip.net> To: "William J. Borskey" <wborskey@hotmail.com>, freebsd-security@freebsd.org Subject: Re: weird server activity Message-ID: <20020126173226.EF0013FC07@energyhq.homeip.net> In-Reply-To: <F31rfFz82buW5RNB6Hf00001c34@hotmail.com> References: <F31rfFz82buW5RNB6Hf00001c34@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday 26 January 2002 18:13, William J. Borskey wrote:
Hi there,
> sounding paths, but it wasnt code red or anything like code red:
No, it's not Code Red, it's Nimda IIRC. I used to get it on my server all the
time until I got tired of it and banned 213/8 with ipfw. Unless you are
getting lots of requests and have a high number in MaxSpareServers I don't
see how this alone could have caused the machine to be unable to spawn more
preocesses. If possible run some network monitoring software like e.g. snort
and watch for DoS attempts, but I would discard the worm being the cause.
Cheers,
--
Miguel Mendez - flynn@energyhq.homeip.net
EnergyHQ :: http://energyhq.homeip.net
FreeBSD - The power to serve!
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020126173226.EF0013FC07>