[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Code Red Worm ?

Le sam, 21 jui 2001 10:56:14, catalyst a écrit :
> Hi,
> I'm running iptables and for the past 3 days i been hit by a multiple IP
> adds on my firewall.I wonder is it from those infected IIS with red worm
> ?
> Here is the log i'm getting from my /var/log/messages.
> Jul 21 16:48:04 uniX kernel: Firewall:IN=eth0 OUT=
> MAC=00:50:da:91:ba:a8:00:30:94:9c:6e:8c:08:00 SRC=
> DST= LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=47947 DF
> PROTO=TCP SPT=1794 DPT=6346 WINDOW=16384 RES=0x00 SYN URGP=0 

6346 is the gnutella port.
If you have used it, your IP is kept in some cache and others try to
connect to you for some time.


Reply to: