From owner-freebsd-questions Sat Aug 4 10:37:21 2001 Delivered-To: freebsd-questions@freebsd.org Received: from jdl.com (chrome.jdl.com [209.39.144.2]) by hub.freebsd.org (Postfix) with ESMTP id 6455737B401 for ; Sat, 4 Aug 2001 10:37:19 -0700 (PDT) (envelope-from jdl@jdl.com) Received: from localhost ([127.0.0.1] helo=jdl.com) by jdl.com with esmtp (Exim 3.32 #1) id 15T5RI-000B0V-00; Sat, 04 Aug 2001 12:42:16 -0500 To: Fernando Gleiser Cc: questions@FreeBSD.ORG Subject: Re: Attempted Buffer Overrun in via httpd? In-reply-to: Your message of "Sat, 04 Aug 2001 14:27:37 -0300." <20010804142321.X91592-100000@cactus.fi.uba.ar> Clarity-Index: null Threat-Level: none Software-Engineering-Dead-Seriousness: There's no excuse for unreadable code. Net-thought: If you meet the Buddha on the net, put him in your Kill file. Date: Sat, 04 Aug 2001 12:42:16 -0500 From: Jon Loeliger Message-Id: Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG So, like Fernando Gleiser was saying to me just the other day: > > It smells like code red. It is a worm which tries to exploit a vulnerability > in M$ IIS. Ah! Duh. Wait, I'm catching up here... What's the current virus knocking on everyone's door? Oh yeah, _I_ remember now! Code Red. > Apache (AFAIK) is not vulnerable. Excellent. > The request comes from an infected machine, maybe you want to inform the > webmaster about this. Heh. If I were to do that, I'd do _nothing_ else! I have hundreds of them, and they are mostly from various dial-up looking DNS names. Ugh. Thanks for the info!, jdl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message