Code Red Worm ?

To: debian-security@lists.debian.org
Subject: Code Red Worm ?
From: catalyst <catalyst@polaroids.org>
Date: Sat, 21 Jul 2001 16:56:14 +0800
Message-id: <[🔎] 20010721165614.A906@polaroids.org>

Hi,

I'm running iptables and for the past 3 days i been hit by a multiple IP adds on my firewall.I wonder is it from those infected IIS with red worm ?
Here is the log i'm getting from my /var/log/messages.

Jul 21 16:48:04 uniX kernel: Firewall:IN=eth0 OUT= MAC=00:50:da:91:ba:a8:00:30:94:9c:6e:8c:08:00 SRC=192.108.114.142 DST=202.156.176.20 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=47947 DF PROTO=TCP SPT=1794 DPT=6346 WINDOW=16384 RES=0x00 SYN URGP=0 
Jul 21 16:48:04 uniX kernel: Firewall:IN=eth0 OUT= MAC=00:50:da:91:ba:a8:00:30:94:9c:6e:8c:08:00 SRC=24.188.20.23 DST=202.156.176.20 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=3054 DF PROTO=TCP SPT=2087 DPT=6346 WINDOW=16384 RES=0x00 SYN URGP=0 
Jul 21 16:48:08 uniX kernel: Firewall:IN=eth0 OUT= MAC=00:50:da:91:ba:a8:00:30:94:9c:6e:8c:08:00 SRC=64.231.67.231 DST=202.156.176.20 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=32447 DF PROTO=TCP SPT=2886 DPT=6346 WINDOW=64240 RES=0x00 SYN URGP=0 
Jul 21 16:48:09 uniX kernel: Firewall:IN=eth0 OUT= MAC=00:50:da:91:ba:a8:00:30:94:9c:6e:8c:08:00 SRC=213.243.179.50 DST=202.156.176.20 LEN=48 TOS=0x00 PREC=0x00 TTL=102 ID=26440 DF PROTO=TCP SPT=61913 DPT=6346 WINDOW=16384 RES=0x00 SYN URGP=0 
Jul 21 16:48:09 uniX kernel: Firewall:IN=eth0 OUT= MAC=00:50:da:91:ba:a8:00:30:94:9c:6e:8c:08:00 SRC=213.237.69.82 DST=202.156.176.20 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=41052 DF PROTO=TCP SPT=63492 DPT=6346 WINDOW=8192 RES=0x00 SYN URGP=0 
Jul 21 16:48:10 uniX kernel: Firewall:IN=eth0 OUT= MAC=00:50:da:91:ba:a8:00:30:94:9c:6e:8c:08:00 SRC=24.20.196.225 DST=202.156.176.20 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=15355 DF PROTO=TCP SPT=2804 DPT=6346 WINDOW=16384 RES=0x00 SYN URGP=0 
Jul 21 16:48:10 uniX kernel: Firewall:IN=eth0 OUT= MAC=00:50:da:91:ba:a8:00:30:94:9c:6e:8c:08:00 SRC=192.108.114.142 DST=202.156.176.20 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=49121 DF PROTO=TCP SPT=1794 DPT=6346 WINDOW=16384 RES=0x00 SYN URGP=0 
Jul 21 16:48:10 uniX kernel: Firewall:IN=eth0 OUT= MAC=00:50:da:91:ba:a8:00:30:94:9c:6e:8c:08:00 SRC=24.188.20.23 DST=202.156.176.20 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=3441 DF PROTO=TCP SPT=2087 DPT=6346 WINDOW=16384 RES=0x00 SYN URGP=0 
Jul 21 16:48:18 uniX kernel: Firewall:IN=eth0 OUT= MAC=00:50:da:91:ba:a8:00:30:94:9c:6e:8c:08:00 SRC=66.24.88.80 DST=202.156.176.20 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=36576 DF PROTO=TCP SPT=1733 DPT=6346 WINDOW=8192 RES=0x00 SYN URGP=0 
Jul 21 16:48:20 uniX kernel: Firewall:IN=eth0 OUT= MAC=00:50:da:91:ba:a8:00:30:94:9c:6e:8c:08:00 SRC=64.231.67.231 DST=202.156.176.20 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=57280 DF PROTO=TCP SPT=2886 DPT=6346 WINDOW=64240 RES=0x00 SYN URGP=0 
Jul 21 16:48:21 uniX kernel: Firewall:IN=eth0 OUT= MAC=00:50:da:91:ba:a8:00:30:94:9c:6e:8c:08:00 SRC=66.24.88.80 DST=202.156.176.20 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=57056 DF PROTO=TCP SPT=1733 DPT=6346 WINDOW=8192 RES=0x00 SYN URGP=0 
Jul 21 16:48:22 uniX kernel: Firewall:IN=eth0 OUT= MAC=00:50:da:91:ba:a8:00:30:94:9c:6e:8c:08:00 SRC=24.65.103.201 DST=202.156.176.20 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=3421 PROTO=TCP SPT=1278 DPT=6346 WINDOW=2144 RES=0x00 SYN URGP=0 

Any help will be apprec.it.Thanks.

CaT.
-- 
 (o_   .------------------------------------------------------.
 //\   |   JC Wong,Singapore   |   http://www.polaroids.org   |
V_/_   |   ICQ: 19663610       |   catalyst@polaroids.org     |
^^ ^^  `------------------------------------------------------`

Reply to:

Follow-Ups:
- Re: Code Red Worm ?
  - From: Philippe Marzouk <pmarzouk@wanadoo.fr>

Prev by Date: Re: red worm amusement
Next by Date: Re: Code Red Worm ?
Previous by thread: Re: red worm amusement
Next by thread: Re: Code Red Worm ?
Index(es):
- Date
- Thread