From owner-freebsd-questions  Sun Feb  3 23:25: 5 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from radwaste.oaep.go.th (ppp16.modem56.actconnect.net [203.155.127.16])
	by hub.freebsd.org (Postfix) with ESMTP id EB11537B41B
	for <questions@FreeBSD.ORG>; Sun,  3 Feb 2002 23:24:56 -0800 (PST)
Received: (from pirat@localhost)
	by radwaste.oaep.go.th (8.11.6/8.11.3) id g147ixv02637;
	Mon, 4 Feb 2002 14:44:59 +0700 (ICT)
	(envelope-from pirat@access.inet.co.th)
X-Authentication-Warning: radwaste.oaep.go.th: pirat set sender to pirat@access.inet.co.th using -f
Date: Mon, 4 Feb 2002 14:44:54 +0700
From: pirat <pirat@access.inet.co.th>
To: "Matthew P. Marino" <bind9@citystamp.com>
Cc: questions@FreeBSD.ORG
Subject: Re: strange apache log output
Message-ID: <20020204144454.A1905@radwaste.oaep.go.th>
Mail-Followup-To: pirat <pirat@access.inet.co.th>,
	"Matthew P. Marino" <bind9@citystamp.com>, questions@FreeBSD.ORG
References: <20020120094603.A16651@radwaste.oaep.go.th> <3C4C4207.55237217@citystamp.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3C4C4207.55237217@citystamp.com>; from bind9@citystamp.com on Mon, Jan 21, 2002 at 11:29:59AM -0500
X-Operating-System: FreeBSD-4.4 STABLE
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

hi sirs,

thanks for all of you who help me in this case.
can tha command ipfw add deny all from 203.155.64.7 to any be able block them out of my machine ?

please cc to me since i do not subscribe to the list.

with best regards,
psr

On Mon, Jan 21, 2002 at 11:29:59AM -0500, Matthew P. Marino wrote:
> Date: Mon, 21 Jan 2002 11:29:59 -0500
> From: "Matthew P. Marino" <bind9@citystamp.com>
> X-Mailer: Mozilla 4.75C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; U; PPC)
> To: pirat <pirat@access.inet.co.th>
> CC: questions@FreeBSD.ORG
> Subject: Re: strange apache log output
> 
> It's an attempted windows exploit. A version of the CodeRED. Anoying but not a
> problem. Do a lookup on the IP to find it's owner and nag the snots out of them.
> They are likely infected and are a danger to others. Albeit foolish others.
> 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message