Date: Wed, 19 Sep 2001 05:42:21 +0100 From: "Mark Hughes" <mark@dvdnews.co.uk> To: "klein brock" <getzz1@yahoo.com>, "Brian Whalen" <bri@sonicboom.org> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: virus ? Message-ID: <036601c140c5$8c289790$0200a8c0@mark2> References: <20010919043057.41265.qmail@web20104.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > that all sounds suspiciously like a code red / > > code blue / nammbaaanada > > > (sp?) virus that's spread onto an area network and > > is trying to infect your > > > machine... > > > > > > I could be wrong, what do others think? > > These > > people are likely not directly attacking you, but > > being unknowing > > participants in this. > what is the possible things on my server that can be > infected by this virus ? Nothing, it only affects microsoft servers but it tries to spread itself indiscriminently by probing in the manner your log shows - looking for those certain files. There's not much you can do about it - and blocking access to that netblock would obviously stop it getting further than your public facing network card... it's an annoyance for you, it's an annoyance for the rest of the world. I'd imagine the best thing to do would be to contact the owner of that netblock of IP addresses and tell them to get their systems patched up to date, ASAP, and in the mean time you could block access from that IP block - it depends what your server is supposed to be doing - if it's running as a gateway machine then it would be unlikely to cause you any problems, if you are running a web or mail server then obviously anyone in that netblock would not be able to access your server - with all the problems that would entail. HTH, Mark To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?036601c140c5$8c289790$0200a8c0>