Date: Mon, 6 Aug 2001 23:40:45 -0400
From: User & Ian Patrick Thomas <ipthomas_77@yahoo.com>
To: freebsd-questions@freebsd.org
Subject: Is this what the Code Red II worm does?
Message-ID: <20010806234045.A340@localhost>

After doing an ipfw show after rebooting, I noticed the following:

00106 5 216 (T 0, # 81) ty 0 tcp, 24.49.81.9 4061 <-> 24.49.117.213 80
00106 5 216 (T 0, # 174) ty 0 tcp, 24.240.245.40 2819 <-> 24.49.117.213 80
00106 5 216 (T 0, # 198) ty 0 tcp, 24.218.162.152 3547 <-> 24.49.117.213 80

This is the ruleset it matched:

00106 43 3202 allow tcp from any to any keep-state setup

The thing is, I didn't go to any of these sites. In fact, I did absolutely no surfing at all yet.

Here is what this IP, 24.240.245.40, gives you...

CHINA Government fuck PoizonBOx contact:sysadmcn@yahoo.com.cn

When I try this IP, 24.218.162.152, I get an error message saying that too many people are trying to access this website. Both of these seem like symptoms of the worm. Does this sound right? Is this what the Code Red II worm is supposed to do, DoS or defacement? Just curious.

Ian
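
An added example, not part of the original message: a small Python parser for the dynamic-rule lines quoted above that lists which remote hosts opened sessions to a local service port. It assumes 24.49.117.213 is the local address (the post does not say so), that the first address on each line is the side that created the state, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Dynamic-rule layout as it appears in the post (assumed field meaning):
# rule pkts bytes (T ttl, # bucket) ty type proto, src sport <-> dst dport
DYN_RE = re.compile(
    r"^(?P<rule>\d{5})\s+(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+"
    r"\(T\s*(?P<ttl>\d+),\s*#\s*(?P<bucket>\d+)\)\s+ty\s+(?P<type>\d+)\s+"
    r"(?P<proto>\w+),\s+(?P<src>[\d.]+)\s+(?P<sport>\d+)\s+<->\s+"
    r"(?P<dst>[\d.]+)\s+(?P<dport>\d+)\s*$"
)

# Lines copied from the message above.
SAMPLE = """\
00106 5 216 (T 0, # 81) ty 0 tcp, 24.49.81.9 4061 <-> 24.49.117.213 80
00106 5 216 (T 0, # 174) ty 0 tcp, 24.240.245.40 2819 <-> 24.49.117.213 80
00106 5 216 (T 0, # 198) ty 0 tcp, 24.218.162.152 3547 <-> 24.49.117.213 80
00106 43 3202 allow tcp from any to any keep-state setup
"""

def parse_dynamic(text):
    """Return one dict per dynamic-rule line; static rule lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DYN_RE.match(line.strip())
        if m:
            e = m.groupdict()
            for key in ("pkts", "bytes", "sport", "dport"):
                e[key] = int(e[key])
            entries.append(e)
    return entries

def inbound_peers(entries, local_ip, service_ports=(80,)):
    """Map (rule, local port) -> sorted remote IPs on the source side."""
    peers = defaultdict(set)
    for e in entries:
        # Assumption: src is the host whose first packet created the state.
        if e["dst"] == local_ip and e["dport"] in service_ports:
            peers[(e["rule"], e["dport"])].add(e["src"])
    return {k: sorted(v) for k, v in peers.items()}

if __name__ == "__main__":
    found = inbound_peers(parse_dynamic(SAMPLE), local_ip="24.49.117.213")
    for (rule, port), ips in found.items():
        print(f"rule {rule}: {len(ips)} remote host(s) -> tcp/{port}: {', '.join(ips)}")
```

Under those assumptions, all three entries are sessions opened from remote hosts toward port 80 on 24.49.117.213 and admitted by the `allow tcp from any to any keep-state setup` rule, which places no restriction on direction.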