From: "Shevland, Joseph (AU - Hobart)"
To: 'default - Subscriptions', "'freebsd-security@FreeBSD.ORG'"
Subject: RE: Silly crackers... NT is for kids...
Date: Fri, 17 Aug 2001 16:47:16 +1000

It's the CodeRed (II) virus, but there's no sinister Evil Dude/s picking on you; these compromised IIS servers randomly try and infect any other IP/server they can connect to port 80 on... it's a bit of a DoS for some people, hopefully the IIS weenies will patch their servers as soon as possible so these things stop.

Cheers,
Joe

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of default -
> Subscriptions
> Sent: Friday, 17 August 2001 4:35 PM
> To: freebsd-security@FreeBSD.ORG
> Subject: Silly crackers... NT is for kids...
>
>
> Hi,
>
> Recently hundreds of I.P. addresses have been attempting to use an NT
> exploit on my FreeBSD web server as if it were an NT server... Apache
> logs the attack like this:
> ci9809-a.ruthfd1.tn.home.com - - [17/Aug/2001:00:53:16 -0500] "GET
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXX
> XXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u909
> 0%u6858%ucbd3%
> u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0
> 000%u00=a
> HTTP/1.0" 404 276 "-" "-"
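
Added example, not part of the original message: a small Python filter that finds requests of the shape quoted above in an Apache access log and counts them per source host, so the number of distinct infected machines probing the server is visible at a glance. The sample log lines, the host names, the 64-character minimum filler run and the any-letter filler are assumptions made for this example.

```python
import re
from collections import Counter

# Apache common/combined log prefix: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)')

# Shape of the quoted request: /default.ida? + long run of one filler letter
# + %uXXXX-encoded words. Assumptions: any letter as filler, run of >= 64.
PROBE_RE = re.compile(
    r'^GET /default\.ida\?([A-Za-z])\1{63,}(?:%u[0-9a-fA-F]{4})+', re.I)

def summarize(lines):
    """Return (probes per source host, probes not answered 404, unparsed count)."""
    hits, answered, skipped = Counter(), [], 0
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            skipped += 1          # malformed or truncated log line
            continue
        if PROBE_RE.match(m["request"]):
            hits[m["host"]] += 1
            if m["status"] != "404":   # not a plain "not found": worth a look
                answered.append((m["host"], m["status"]))
    return hits, answered, skipped

# Constructed sample lines (hosts and times are made up, payload shortened).
FILLER = "X" * 200
PROBE = f"GET /default.ida?{FILLER}%u9090%u6858%ucbd3%u7801 HTTP/1.0"
SAMPLE = [
    f'host-a.example.net - - [17/Aug/2001:00:53:16 -0500] "{PROBE}" 404 276 "-" "-"',
    'client.example.org - - [17/Aug/2001:00:54:02 -0500] "GET /index.html HTTP/1.0" 200 5120 "-" "-"',
    f'host-b.example.net - - [17/Aug/2001:00:55:40 -0500] "{PROBE}" 404 276 "-" "-"',
    'client.example.org - - [17/Aug/2001:00:56:11 -0500] "GET /default.ida?id=5 HTTP/1.0" 404 276 "-" "-"',
    f'host-a.example.net - - [17/Aug/2001:01:10:09 -0500] "{PROBE}" 404 276 "-" "-"',
    'truncated line without a request',
]

if __name__ == "__main__":
    hits, answered, skipped = summarize(SAMPLE)
    for host, n in hits.most_common():
        print(f"{n:4d}  {host}")
    print(f"probes not answered 404: {answered}; unparsed lines: {skipped}")
```

On a server like the one in the thread every probe should come back 404, so the second return value is expected to be empty.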