Date: Sun, 30 Dec 2001 23:15:03 -0700 From: "Chad R. Larson" <chad@DCFinc.com> To: Ulf Zimmermann <ulf@Alameda.net> Cc: Peter Ong <peter@haloflightleader.net>, "Julien B." <jbe@cpu.ath.cx>, freebsd-stable@FreeBSD.ORG Subject: Re: Trying NT Hacks Message-ID: <20011230231503.C27209@freeway.dcfinc.com> In-Reply-To: <20011227191144.X90222@seven.alameda.net>; from ulf@Alameda.net on Thu, Dec 27, 2001 at 07:11:44PM -0800 References: <013a01c18f48$f156cf20$0101a8c0@haloflightleader.net> <20011228035757.A99350@harimandir> <018901c18f4c$22402480$0101a8c0@haloflightleader.net> <20011227191144.X90222@seven.alameda.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 27, 2001 at 07:11:44PM -0800, Ulf Zimmermann wrote: > Nimda for example is scanning anything from the infected hosts > /16 address space. For example your machine is in the > 64.81.0.0/16 address block (Speakeasy DSL), then that infected > machine would scan all those ips for more unsecured IIS to > spread more. Since I've got no accursed Microsoft products anywhere near my publicly visable systems, a simple grep for "default" in the httpd access logs will do it. -crl -- Chad R. Larson (CRL15) 602-953-1392 Brother, can you paradigm? chad@dcfinc.com chad@larsons.org larson1@home.com DCF, Inc. - 14623 North 49th Place, Scottsdale, Arizona 85254-2207 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011230231503.C27209>