From owner-freebsd-questions Mon Aug 20 8:34:10 2001 Delivered-To: freebsd-questions@freebsd.org Received: from panda.freebsdsystems.com (216.126.94.34 [216.126.94.34]) by hub.freebsd.org (Postfix) with SMTP id 0870B37B410 for ; Mon, 20 Aug 2001 08:34:06 -0700 (PDT) (envelope-from lnb@FreeBSDsystems.COM) Received: (qmail 12974 invoked by uid 89); 20 Aug 2001 15:34:04 -0000 Message-ID: <20010820153404.12973.qmail@panda.freebsdsystems.com> References: <20010820212817.C459@k7.mavetju.org> In-Reply-To: <20010820212817.C459@k7.mavetju.org> From: "Lanny Baron" To: Edwin Groothuis Cc: Jason Halbert , questions@freebsd.org Subject: Re: Code Red Date: Mon, 20 Aug 2001 15:34:04 GMT Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Sender: lnb@FreeBSDsystems.COM Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG The one thing that I keep thinking about is that will worms and viruses like this one hurt the UNIX communtiy. Not speaking here of apache or FreeBSD. Rather, will the doze community think that the UNIX community is a bunch of whatevers? --lanny Edwin Groothuis writes: > On Mon, Aug 20, 2001 at 11:18:09AM -0000, Jason Halbert wrote: >> Hello Everyone: >> >> I just want to clear something up. Something that's bothering me that >> is.. The Code Red Worm is strictly an NT IIS thing, right? The > > It's only an IIS thing. (due to some reason I keep on calling it > an ISS thing, maybe I'm too much a space-geek :-) > >> screen, Apache just sends a 404. I have been told also that even >> Apache servers running under Windows would be unaffected. > > It's only an IIS thing, Apache under whatever OS is not vulnerable > for it. > >> Also, another note of interest.. These Code Red requests seem to be >> coming from other boxes in my domain (*.dsl.att.net) and no where >> else. Anyone like to venture a guess as to why? > > That's because of the way it's designed (well, at least Code Red > 2). They thought that it would be handier to find some friends > nearby than to look at random places :-) > > See http://www.incidents.org/react/code_redII.php for the Code Red > 2 FAQ of the SANS institute, it tells you exactly how it works. > > Edwin > > -- > Edwin Groothuis | Personal website: http://www.MavEtJu.org > edwin@mavetju.org | Interested in MUDs? Visit Fatal Dimensions: > ------------------+ http://www.FatalDimensions.org/ > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message ~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~= Lanny Baron And he said, Let there be light, and FreeBSD was created and he saw it was GOOD. He said, Hey Kids Rock 'N' Roll FreeBSD! Servers built with the power to Serve http://www.FreeBSDsystems.com 1.877.963.1900 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message