Re: code red goes on
I grepped my access logs and noticed the "default.ida?NNNN" etc. etc.
What does this mean?
Have I been attacked? Or was it an attempted attack?
What exactly does the virus do to the system?
Quoting Matthias Richter <email@example.com>:
> ktb wrote on Fri Aug 03, 2001 at 12:29:05AM:
> > On Thu, Aug 02, 2001 at 10:08:56PM -0700, Karsten M. Self wrote:
> > > ...gives a hostlist. Anyone know of a central repository who might
> > > collecting same and sending LARTs to the appropriate sysops?
> <URL:http://www.dshield.org/codered.html> are collecting. You only have
> grep 'default.ida?NNNNN' access_log | mail -s 'APACHE'
> As someone already mentioned, many boxes seem to be dialup-boxes...
> Matthias Richter --+- stud. soz. & inf. -+-- http://www.uni-leipzig.de
> --> GPG Public Key: http://www.matthias-richter.de/gpg.ascii <--
> · Projekt Deutscher Wortschatz: <URL:http://wortschatz.uni-leipzig.de>
~~Bill, Bill who?~~