From: Louis LeBlanc
Date: Sun, 5 Aug 2001 22:25:18 -0400
To: questions@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: Code Red 2 - (was : Attempted Buffer Overrun in via httpd? )

If you are only getting one every 5 minutes, you're not being targeted much, meaning you're not very high on the prng cycle. I've gotten about 1300 hits since I closed off the firewall - I never get much traffic, other than myself :) from work, etc. I'm seeing anywhere from 3 to 7 per minute in the last hour. I wonder if they'll _ever_ get this one under wraps? *THANKS* bill!
L

On 08/05/01 07:35 PM, David Kelly sat at the `puter and typed:
> rshea@opendoor.co.nz writes:
> > Although Code Red is old news (hopefully) to everyone with IIS machines in
> > their network I would just point out that in the last 36 hours a so called Code
> > Red II has arisen (if you look in your logs you'll see that some of the
> > default.ida attempts now have a padding of 'X' rather than 'N'). It has a much
> > nastier effect and rebooting ain't going to fix it. Once again the June 18 IIS
> > patch will avoid infection ...
>
> Is getting bad as on Aug 1 there was an average of 1 per hour on each of
> my work and home firewalls where there are no web servers. In the last
> day it has escalated to one every 5 minutes or so. Had a few on July 19.
>
> Normally I see a single poke on port 80 about once per week. Code Red
> apparently pokes 3 times before moving on.
>
> --
> David Kelly N4HHE, dkelly@hiwaay.net
> =====================================================================
> The human mind ordinarily operates at only ten percent of its
> capacity -- the rest is overhead for the operating system.

--
Louis LeBlanc leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://acadia.ne.mediaone.net

Davis' Law of Traffic Density:
  The density of rush-hour traffic is directly proportional to 1.5 times
  the amount of extra time you allow to arrive on time.
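
An added example, not part of the original thread: a Python script that counts default.ida probes in a web server access log, split by the 'N' versus 'X' padding mentioned above, and tallies hits per minute and per source address. The Apache common log format, the constructed sample lines, and all function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in Apache common log format: documentation-range
# addresses, padding shortened, nothing after the padding.
SAMPLE_LOG = """\
192.0.2.10 - - [05/Aug/2001:21:14:02 -0400] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 276
192.0.2.10 - - [05/Aug/2001:21:14:03 -0400] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 276
192.0.2.10 - - [05/Aug/2001:21:14:05 -0400] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [05/Aug/2001:21:14:40 -0400] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 276
198.51.100.7 - - [05/Aug/2001:21:15:01 -0400] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 276
203.0.113.5 - - [05/Aug/2001:21:15:30 -0400] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 276
203.0.113.9 - - [05/Aug/2001:21:15:44 -0400] "GET /index.html HTTP/1.0" 200 1024
"""

# Captures source address, timestamp, and the run of padding that follows
# "default.ida?". A run of at least 8 identical N or X characters is required.
PROBE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET /default\.ida\?(N{8,}|X{8,})')


def parse_probes(log_text):
    """Yield (source, minute, padding_char) for each default.ida probe."""
    for line in log_text.splitlines():
        m = PROBE.match(line)
        if m:
            src, stamp, pad = m.groups()
            # "05/Aug/2001:21:14:02 -0400" -> "05/Aug/2001:21:14"
            yield src, stamp[:17], pad[0]


def summarize(log_text):
    """Return three Counters: by padding char, by minute, by source address."""
    by_pad, by_minute, by_source = Counter(), Counter(), Counter()
    for src, minute, pad in parse_probes(log_text):
        by_pad[pad] += 1
        by_minute[minute] += 1
        by_source[src] += 1
    return by_pad, by_minute, by_source


if __name__ == "__main__":
    by_pad, by_minute, by_source = summarize(SAMPLE_LOG)
    print("N-padded probes:", by_pad["N"], " X-padded probes:", by_pad["X"])
    print("busiest minute:", by_minute.most_common(1)[0])
    for src, n in by_source.most_common():
        print(f"{src}: {n} probe(s)")
```

On a real log, pass the file contents to `summarize()`; the per-source counts let you check the "three pokes" observation against your own traffic.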