From owner-freebsd-security Sat Jul 21 14:16:54 2001 Delivered-To: freebsd-security@freebsd.org Received: from cassie.foobarbaz.net (195.mudb.snfc.snfccafj.dsl.att.net [12.99.91.195]) by hub.freebsd.org (Postfix) with SMTP id 52BD937B405 for ; Sat, 21 Jul 2001 14:16:52 -0700 (PDT) (envelope-from enkhyl@foobarbaz.net) Received: (qmail 15432 invoked by uid 1000); 21 Jul 2001 21:04:47 -0000 Date: Sat, 21 Jul 2001 14:04:47 -0700 From: Enkhyl To: nathan@salvation.unixgeeks.com Cc: freebsd-security@freebsd.org Subject: Re: possible? Message-ID: <20010721140447.X89481@cassie.foobarbaz.net> Reply-To: enkhyl@pobox.com Mail-Followup-To: nathan@salvation.unixgeeks.com, freebsd-security@freebsd.org References: <20010721204942.12010.qmail@salvation.unixgeeks.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010721204942.12010.qmail@salvation.unixgeeks.com>; from nathan@salvation.unixgeeks.com on Sat, Jul 21, 2001 at 08:49:42PM -0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, Jul 21, 2001 at 08:49:42PM -0000, nathan@salvation.unixgeeks.com wrote: [snip] > this same exact get request came from several different address as well. such > as: 128.138.105.172, 202.157.154.126, and a couple of others. any ideas? any > remote exploits in apache i've missed? i'm running Apache/1.3.19 Server.. This is from the Code Red worm. Take a look at the threads on Bugtraq and/or Nanog lists. -- Christopher Nielsen - Metal-wielding pyro techie cnielsen@pobox.com "Any technology indistinguishable from magic is insufficiently advanced." --unknown To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message