Re: Code Red Worm ?
On Sat, 21 Jul 2001 10:56:14, catalyst wrote:
> I'm running iptables and for the past 3 days I've been hit by multiple IP
> adds on my firewall. I wonder is it from those infected IIS with red worm
> Here is the log i'm getting from my /var/log/messages.
> Jul 21 16:48:04 uniX kernel: Firewall:IN=eth0 OUT=
> MAC=00:50:da:91:ba:a8:00:30:94:9c:6e:8c:08:00 SRC=126.96.36.199
> DST=188.8.131.52 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=47947 DF
> PROTO=TCP SPT=1794 DPT=6346 WINDOW=16384 RES=0x00 SYN URGP=0
6346 is the Gnutella port.
If you have used it, your IP is kept in some cache and others try to
connect to you for some time.
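
An added example, not part of the original thread: a short Python triage of iptables LOG lines by destination port (`DPT`), the field the reply reads to identify the traffic. The sample log lines, their addresses, the `http` label for port 80 and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Port labels: 6346 is from the reply above; 80 is an assumption added here
# (HTTP, the port an IIS web server normally listens on).
PORT_LABELS = {6346: "gnutella", 80: "http"}

# Constructed sample lines in the iptables LOG layout quoted above.
# Addresses come from documentation ranges, not from the original post.
SAMPLE_LOG = """\
Jul 21 16:48:04 uniX kernel: Firewall:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=109 ID=47947 DF PROTO=TCP SPT=1794 DPT=6346 WINDOW=16384 RES=0x00 SYN URGP=0
Jul 21 16:48:07 uniX kernel: Firewall:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=109 ID=47950 DF PROTO=TCP SPT=1794 DPT=6346 WINDOW=16384 RES=0x00 SYN URGP=0
Jul 21 16:49:12 uniX kernel: Firewall:IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.5 LEN=48 TTL=113 ID=1201 DF PROTO=TCP SPT=2210 DPT=6346 WINDOW=8192 RES=0x00 SYN URGP=0
Jul 21 16:50:30 uniX kernel: Firewall:IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 LEN=48 TTL=110 ID=311 DF PROTO=TCP SPT=3305 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Jul 21 16:51:02 uniX kernel: Firewall:IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.5 LEN=78 TTL=115 ID=900 PROTO=UDP SPT=137 DPT=137 LEN=58
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")      # KEY=value tokens (value may be empty)
FLAG_RE = re.compile(r"\b(SYN|ACK|FIN|RST)\b")  # bare TCP flag tokens

def parse_line(line):
    """Return (fields, flags) for one iptables LOG line, or None if it is not one."""
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    return fields, set(FLAG_RE.findall(line))

def inbound_syns_by_port(log_text):
    """Map destination port -> set of source IPs that sent a bare TCP SYN."""
    by_port = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        fields, flags = parsed
        # A SYN without ACK is a new inbound connection attempt.
        if fields["PROTO"] == "TCP" and "SYN" in flags and "ACK" not in flags:
            by_port[int(fields["DPT"])].add(fields["SRC"])
    return dict(by_port)

def triage(log_text):
    """Return [(port, label, number of distinct sources)], busiest port first."""
    ports = inbound_syns_by_port(log_text)
    rows = [(p, PORT_LABELS.get(p, "unknown"), len(s)) for p, s in ports.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0]))

if __name__ == "__main__":
    for port, label, sources in triage(SAMPLE_LOG):
        print(f"DPT={port:<5} {label:<9} distinct sources: {sources}")
```

In a real `/var/log/messages` each entry is a single line; the quoted excerpt above is wrapped by the mail client, so unwrap it before feeding it to the parser.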