Date: Sun, 05 Aug 2001 19:35:46 -0500 From: David Kelly <dkelly@hiwaay.net> To: questions@FreeBSD.ORG Subject: Re: Code Red 2 - (was : Attempted Buffer Overrun in via httpd? ) Message-ID: <200108060035.f760Zkx30388@grumpy.dyndns.org> In-Reply-To: Message from rshea@opendoor.co.nz of "Mon, 06 Aug 2001 10:28:21 %2B1200." <20010805222826.9412F1FA2A9@deborah.paradise.net.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
rshea@opendoor.co.nz writes: > Although Code Red is old news (hopefully) to everyone with IIS machines in > their network I would just point out that in the last 36 hours a so called Code > Red II has arisen (if you look in your logs you'll see that some of the > default.ida attempts now have a padding of 'X' rather than 'N'). It has a much > nastier effect and rebooting ain't going to fix it. Once again the June 18 IIS > patch will avoid infection ... Is getting bad as on Aug 1 there was an average of 1 per hour on each of my work and home firewalls were there are no web servers. In the last day it has escalated to one every 5 minutes or so. Had a few on July 19. Normally I see a single poke on port 80 about once per week. Code Red apparently pokes 3 times before moving on. -- David Kelly N4HHE, dkelly@hiwaay.net ===================================================================== The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108060035.f760Zkx30388>