Date: Mon, 6 Aug 2001 21:25:00 -0700 (PDT)
From: "f.johan.beisser" <jan@caustic.org>
To: User & Ian Patrick Thomas <ipthomas_77@yahoo.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Is this what the Code Red II worm does?
Message-ID: <Pine.BSF.4.21.0108062114590.5567-100000@pogo.caustic.org>
In-Reply-To: <20010806234045.A340@localhost>
On Mon, 6 Aug 2001, User & Ian Patrick Thomas wrote:

> When I try this IP, 24.218.162.152, I get an error message saying that
> too many people are trying to access this website. Both of these seem like
> symptoms of the worm. Does this sound right? Is this what the Code Red II
> worm is supposed to do, DoS or defacement? Just curious.

Code Red II is another IIS worm. it can't infect a freebsd box, but it
will fill your httpd logs with useless data.

if a machine behind your firewall is infected, it will be scanning the
subnets closest to it. i would suggest having all your NT boxes checked
out for viruses.

you should consider running an IDS like snort
(/usr/ports/security/snort), or run packet analysis to see what kind of
traffic is running. other than that, i would suggest digging a bit more
heavily into the kinds of traffic you are expecting on this network.

-- jan

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "if my thought-dreams could be seen..
     "they'd probably put my head in a guillotine" -- Bob Dylan
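The log noise and the infected-local-machine case described in the reply above, as an added example that is not part of the original message: it counts worm probes in an Apache common-format access log per source and flags sources inside the local network. The `/default.ida?` request padded with a run of `N` (Code Red) or `X` (Code Red II) is the widely documented probe pattern; the log lines, addresses and the 192.168.1.0/24 local network are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (Apache common log format); padding shortened,
# request tail omitted. None of these lines come from the thread.
SAMPLE_LOG = """\
192.168.1.23 - - [06/Aug/2001:20:01:11 -0700] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 276
203.0.113.7 - - [06/Aug/2001:20:02:40 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276
192.168.1.23 - - [06/Aug/2001:20:03:02 -0700] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 276
198.51.100.9 - - [06/Aug/2001:20:04:15 -0700] "GET /index.html HTTP/1.0" 200 1042
"""

# Source address, then a GET for /default.ida? followed by at least eight
# repeats of the same padding letter (N or X).
PROBE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET /default\.ida\?([NX])\2{7,}')
FAMILY = {"N": "Code Red", "X": "Code Red II"}


def summarize(log_text, local_net="192.168.1.0/24"):
    """Count probes keyed by (source IP, worm family, is_local)."""
    net = ipaddress.ip_network(local_net)  # assumed local network
    hits = Counter()
    for line in log_text.splitlines():
        m = PROBE.match(line)
        if not m:
            continue  # ordinary request, not a probe
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # log holds a hostname instead of an address: skip
        hits[(str(src), FAMILY[m.group(2)], src in net)] += 1
    return hits


def local_sources(hits):
    """Addresses inside the local network that sent probes: hosts to inspect."""
    return sorted({ip for (ip, _family, is_local) in hits if is_local})


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for (ip, family, is_local), count in sorted(result.items()):
        where = "LOCAL" if is_local else "remote"
        print(f"{ip:15} {family:12} {where:6} {count}")
    print("check these local machines:", local_sources(result))
```

A probe from a local address means a machine on your own side of the firewall is scanning; remote sources only add log volume on a non-IIS server.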