Date: Wed, 19 Sep 2001 03:15:14 +0100 From: "Mark Hughes" <mark@dvdnews.co.uk> To: "klein brock" <getzz1@yahoo.com>, "Christian S ." <cschreiber@netrail.net> Cc: "Matthew Emmerton" <matt@gsicomp.on.ca>, <questions@FreeBSD.ORG> Subject: Re: FIREWALL REALLY NEED HELP Message-ID: <030301c140b1$09ee3640$0200a8c0@mark2> References: <20010919020837.87629.qmail@web20106.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> not just that.. the ip that attack my server are more > than 10.000. this is some of them: > > 209.8.63.66 - - [18/Sep/2001:17:38:20 -0700] "GET > /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 288 > 209.8.172.53 - - [18/Sep/2001:17:38:20 -0700] "GET > /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir > HTTP/1.0" 400 285 > 209.8.92.226 - - [18/Sep/2001:17:38:20 -0700] "GET > /scripts/root.exe?/c+dir HTTP/1.0" 404 280 > 209.8.172.53 - - [18/Sep/2001:17:38:20 -0700] "GET > /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir > HTTP/1.0" 404 302 > 209.8.92.226 - - [18/Sep/2001:17:38:21 -0700] "GET > /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir > HTTP/1.0" 404 301 > 209.8.172.53 - - [18/Sep/2001:17:38:21 -0700] "GET > /scripts/..%252f../winnt/system32/cmd.exe?/c+dir > HTTP/1.0" 404 302 > > it has 216.*.*.* for more than 100 ip, 209.*.*.* more > than 1000 ips, 205.128.*.* > > i really tired of this., it suffer my server for more > than 1 week.. if anybody can help me ... i would > appreciate it. they have more than 10.000 ips. that all sounds suspiciously like a code red / code blue / nammbaaanada (sp?) virus that's spread onto an area network and is trying to infect your machine... I could be wrong, what do others think? Mark To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?030301c140b1$09ee3640$0200a8c0>