From: Richard Lucas
Date: Fri, 20 Jul 2001 22:21:18 -0500 (EST)
To: David Powers
Subject: Re: Recent probes
In-Reply-To: <00b401c11182$fb2f8260$0401a8c0@swbell.net>
Message-ID: <20010720221836.F896-100000@mx2.threeh.com>
Sender: owner-freebsd-security@FreeBSD.ORG

On Fri, 20 Jul 2001, David Powers wrote:

> I have been getting a rash of probes to TCP/80 recently, is there a recent
> issue that they might be trying to exploit? Below is the data on the probes
> origination.
>
> /kernel: ipfw: 65435 Deny TCP 203.126.35.77:2543 64.218.90.203:80 in via tun0

Quite a few people have. There's a worm that infects IIS servers and then
tries random IPs to try to infect other computers that was hitting quite a
bit yesterday. Here's some more info:

http://www.net-security.org/text/articles/coverage/code-red/

-Richard
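
Added example, not part of the original message and not FreeBSD's own code: a small Python parser for the ipfw log format quoted above that tallies denied inbound TCP/80 packets per source address. Only the first sample line comes from the message; the other log lines, their timestamps, the host name `gw` and rule number 400 are constructed.

```python
import re
from collections import Counter

# Matches the ipfw log format quoted in the message, e.g.
# "ipfw: 65435 Deny TCP 203.126.35.77:2543 64.218.90.203:80 in via tun0"
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def parse_ipfw(line):
    """Return a dict of fields for one ipfw log line, or None if it does not match."""
    m = IPFW_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def summarize_denied(lines, dport=80):
    """Count inbound denied TCP packets to dport, grouped by source address."""
    hits = Counter()
    for line in lines:
        rec = parse_ipfw(line)
        if (rec and rec["action"] == "Deny" and rec["proto"] == "TCP"
                and rec["dir"] == "in" and rec["dport"] == dport):
            hits[rec["src"]] += 1
    return hits

# First line is the one quoted in the message; the rest are constructed
# samples (RFC 5737 documentation sources, hypothetical timestamps and rules).
SAMPLE_LOG = [
    "/kernel: ipfw: 65435 Deny TCP 203.126.35.77:2543 64.218.90.203:80 in via tun0",
    "Jul 20 19:02:11 gw /kernel: ipfw: 65435 Deny TCP 198.51.100.7:1190 64.218.90.203:80 in via tun0",
    "Jul 20 19:02:14 gw /kernel: ipfw: 65435 Deny TCP 198.51.100.7:1191 64.218.90.203:80 in via tun0",
    "Jul 20 19:05:40 gw /kernel: ipfw: 65435 Deny TCP 192.0.2.44:3321 64.218.90.203:80 in via tun0",
    "Jul 20 19:06:02 gw /kernel: ipfw: 65435 Deny UDP 192.0.2.9:1026 64.218.90.203:137 in via tun0",
    "Jul 20 19:07:30 gw /kernel: ipfw: 400 Accept TCP 203.0.113.5:4000 64.218.90.203:22 in via tun0",
    "Jul 20 19:08:00 gw sshd[211]: unrelated line",
]

if __name__ == "__main__":
    hits = summarize_denied(SAMPLE_LOG)
    print(f"{sum(hits.values())} denied TCP/80 packets from {len(hits)} sources")
    for src, n in hits.most_common():
        print(f"  {src:15s} {n}")
```

Many distinct sources with only a few packets each suggests the random-address scanning the reply describes, while one source with many packets suggests a single prober.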