Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 15 Nov 2001 23:41:54 -0500
From:      Louis LeBlanc <leblanc+freebsd@keyslapper.org>
To:        fbsd <freebsd-questions@FreeBSD.ORG>, freebsd-questions@FreeBSD.ORG
Subject:   Re: Is this an attack guys???Help!
Message-ID:  <20011116044153.GB53683@keyslapper.org>
In-Reply-To: <009c01c16e4a$4f65ee40$6600000a@ach.domain>
References:  <20011116024710.22642.qmail@web12005.mail.yahoo.com> <009c01c16e4a$4f65ee40$6600000a@ach.domain>
next in thread | previous in thread | raw e-mail | index | archive | help 

--jq0ap7NbKX2Kqbes
Content-Type: text/plain; charset=unknown-8bit
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 11/15/01 09:56 PM, Andrew C. Hornback sat at the `puter and typed:
> > -----Original Message-----
> > From: owner-freebsd-questions@FreeBSD.ORG
> > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Keith Spencer
> > Sent: Thursday, November 15, 2001 9:47 PM
> > To: fbsd
> > Subject: Is this an attack guys???Help!
> >
> > Hi all,
> > This is an Apache error log snippet.
> > My server is infact FreeBSD 4.4
> > I often find these page request errors from the same
> > address or one of the same C-class space.
> > IT looks lke an attack to me...What thinks you?
> > Thanks Keith
> > +++++++++++++++++++++++++++++++++++
>=20
> [log snipped]
>=20
> 	You're being attacked by the Nimda/Code Red series of virii.  Biggest
> things you've got to worry about are filling up your log files with this
> crap and filling up your pipe to the rest of the world.  As far as I know,
> you're in no danger of actually being compromised by this.
>=20

Exactly. Your system  is not at any security risk  from these attacks,
and you can get around the over bloated log files. I have some info on
that up on http://www.keyslapper.org/Nimda/

You  can  even  install  a  handler to  report  the  infected  systems
to  SecurityFocus  and  the  sources' abuse  authorities.  Same  page.
Installing this  handler will even reduce  the error log file  size by
making  these bogus  URLs match  (most  of them,  anyway) rather  than
generating an error.

HTH
Lou
--=20
Louis LeBlanc               leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org                     =D4=BF=D4=AC

Pudder's Law:
  Anything that begins well will end badly.
  (Note: The converse of Pudder's law is not true.)

--jq0ap7NbKX2Kqbes
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE79JkReAPWYrNkRWIRAiy0AJ4xjnaVgEQV7YZ2/JJz6nq9GNo12gCfUjti
4v9vwDBNHjTuVo6GNtrksro=
=4uwe
-----END PGP SIGNATURE-----

--jq0ap7NbKX2Kqbes--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011116044153.GB53683>