Date: Tue, 7 Aug 2001 16:55:27 -0400
From: User & Ian Patrick Thomas <ipthomas_77@yahoo.com>
To: "f.johan.beisser" <jan@caustic.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Is this what the Code Red II worm does?
Message-ID: <20010807165527.A17579@localhost>
In-Reply-To: <Pine.BSF.4.21.0108062114590.5567-100000@pogo.caustic.org>; from jan@caustic.org on Mon, Aug 06, 2001 at 09:25:00PM -0700
References: <20010806234045.A340@localhost> <Pine.BSF.4.21.0108062114590.5567-100000@pogo.caustic.org>

As it was put forth by f.johan.beisser on Mon, Aug 06, 2001 at 09:25:00PM -0700...
> On Mon, 6 Aug 2001, User & Ian Patrick Thomas wrote:
>
> > When I try this IP, 24.218.162.152, I get an error message saying that
> > too many people are trying to access this website. Both of these seem like
> > symptoms of the worm. Does this sound right? Is this what the Code Red II
> > worm is supposed to do, DoS or defacement? Just curious.
>
> Code Red II is another IIS worm. it can't infect a freebsd box, but it
> will fill your httpd logs with useless data.
>
> if a machine behind your firewall is infected, it will be scanning the
> subnets closest to it.
>
> i would suggest having all your NT boxes checked out for virii. you should
> consider running an IDS like snort (/usr/ports/security/snort), or run
> packet analysis to see what kind of traffic is running.
>
> other than that, i would suggest digging a bit more heavily in to the
> kinds of traffic you are expecting on this network.

I am the network, it's just my one box. Although I do use a cable
connection so maybe some of the other people in my area could also be
considered part of the network. I am not currently running apache or any
other web server yet. :( It seems that maybe some of the users in my area
have gotten infected by the worm.

Ian

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message