From owner-freebsd-questions Sun Aug 5 20: 6: 2 2001 Delivered-To: freebsd-questions@freebsd.org Received: from femail34.sdc1.sfba.home.com (femail34.sdc1.sfba.home.com [24.254.60.24]) by hub.freebsd.org (Postfix) with ESMTP id 4FFF237B403; Sun, 5 Aug 2001 20:05:56 -0700 (PDT) (envelope-from europax@home.com) Received: from home.com ([24.12.186.185]) by femail34.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20010806030556.VICV15269.femail34.sdc1.sfba.home.com@home.com>; Sun, 5 Aug 2001 20:05:56 -0700 Message-ID: <3B6E0999.45595492@home.com> Date: Sun, 05 Aug 2001 20:06:01 -0700 From: Rob X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.3-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-questions@FreeBSD.ORG Cc: questions@FreeBSD.ORG Subject: Re: Code Red 2 - (was : Attempted Buffer Overrun in via httpd? ) References: <20010805222826.9412F1FA2A9@deborah.paradise.net.nz> <200108060035.f760Zkx30388@grumpy.dyndns.org> <20010805222517.A33022@acadia.ne.mediaone.net> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Louis LeBlanc wrote: > > If you are only getting one every 5 minutes, you're not being targeted > much, meaning you're not very high on the prng cycle. I've gotten > about 1300 hits since I closed off the firewall - I never get much > traffic, other than myself :) from work, etc. > > I'm seeing anywhere from 3 to 7 per minute in the last hour. > > I wonder if they'll _ever_ get this one under wraps? > > *THANKS* bill! > > L > On 08/05/01 07:35 PM, David Kelly sat at the `puter and typed: > > rshea@opendoor.co.nz writes: > > > Although Code Red is old news (hopefully) to everyone with IIS machines in > > > their network I would just point out that in the last 36 hours a so called Code > > > Red II has arisen (if you look in your logs you'll see that some of the > > > default.ida attempts now have a padding of 'X' rather than 'N'). It has a much > > > nastier effect and rebooting ain't going to fix it. Once again the June 18 IIS > > > patch will avoid infection ... > > > > Is getting bad as on Aug 1 there was an average of 1 per hour on each of > > my work and home firewalls were there are no web servers. In the last > > day it has escalated to one every 5 minutes or so. Had a few on July 19. > > > > Normally I see a single poke on port 80 about once per week. Code Red > > apparently pokes 3 times before moving on. > > > > -- > > David Kelly N4HHE, dkelly@hiwaay.net > > ===================================================================== > > The human mind ordinarily operates at only ten percent of its > > capacity -- the rest is overhead for the operating system. > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > > > -- > Louis LeBlanc leblanc@acadia.ne.mediaone.net > Fully Funded Hobbyist, KeySlapper Extrordinaire :) > http://acadia.ne.mediaone.net ԿԬ > > Davis' Law of Traffic Density: > The density of rush-hour traffic is directly proportional to > 1.5 times the amount of extra time you allow to arrive on time. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message My @home service has the cable modem lights blinking constantly, as fast as when I'm cvsup'ing :) Ipfstat shows only 1000 blocked packets, so it must be going to my other machine. Rob. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message