Date: Fri, 20 Jul 2001 22:21:18 -0500 (EST) From: Richard Lucas <rlucas@solidcomputing.com> To: David Powers <dnpowers@swbell.net> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: Recent probes Message-ID: <20010720221836.F896-100000@mx2.threeh.com> In-Reply-To: <00b401c11182$fb2f8260$0401a8c0@swbell.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 20 Jul 2001, David Powers wrote: > I have been getting a rash of probes to TCP/80 recently, is there a recent > issue that they might be trying to exploit? Below is the data on the probes > origination. > > /kernel: ipfw: 65435 Deny TCP 203.126.35.77:2543 64.218.90.203:80 in via > tun0 > Quite a few people have. There's a worm that infects IIS servers and then tries random ip's to try to infect other computers that was hitting quite a bit yesterday. Here's some more info: http://www.net-security.org/text/articles/coverage/code-red/ -Richard To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010720221836.F896-100000>