Date: Mon, 20 Aug 2001 21:28:17 +1000 From: Edwin Groothuis <edwin@mavetju.org> To: Jason Halbert <jason@jason-n3xt.org> Cc: questions@freebsd.org Subject: Re: Code Red Message-ID: <20010820212817.C459@k7.mavetju.org> In-Reply-To: <JKEKIFNEJJDCJPPDHPIFKEBACBAA.jason@jason-n3xt.org>; from jason@jason-n3xt.org on Mon, Aug 20, 2001 at 11:18:09AM -0000 References: <JKEKIFNEJJDCJPPDHPIFKEBACBAA.jason@jason-n3xt.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Aug 20, 2001 at 11:18:09AM -0000, Jason Halbert wrote: > Hello Everyone: > > I just want to clear something up. Something that's bothering me that > is.. The Code Red Worm is strictly an NT IIS thing, right? The It's only an IIS thing. (due to some reason I keep on calling it an ISS thing, maybe I'm too much a space-geek :-) > screen, Apache just sends a 404. I have been told also that even > Apache servers running under Windows would be unaffected. It's only an IIS thing, Apache under whatever OS is not vulnerable for it. > Also, another note of interest.. These Code Red requests seem to be > coming from other boxes in my domain (*.dsl.att.net) and no where > else. Anyone like to venture a guess as to why? That's because of the way it's designed (well, at least Code Red 2). They thought that it would be handier to find some friends nearby than to look at random places :-) See http://www.incidents.org/react/code_redII.php for the Code Red 2 FAQ of the SANS institute, it tells you exactly how it works. Edwin -- Edwin Groothuis | Personal website: http://www.MavEtJu.org edwin@mavetju.org | Interested in MUDs? Visit Fatal Dimensions: ------------------+ http://www.FatalDimensions.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010820212817.C459>