Re: code red goes on
Hi..
I grepped my access logs and noticed the "default.ida?NNNN" etc. etc.
What does this mean?
Have I been attacked? Or was it an attempted attack?
What exactly does the virus do to the system?
Thanks
Mike
Quoting Matthias Richter <matthias@vielfalt.de>:
> ktb wrote on Fri Aug 03, 2001 at 12:29:05AM:
> > On Thu, Aug 02, 2001 at 10:08:56PM -0700, Karsten M. Self wrote:
> > > ...gives a hostlist. Anyone know of a central repository who might be
> > > collecting same and sending LARTs to the appropriate sysops?
>
> <URL:http://www.dshield.org/codered.html> are collecting. You only have
> to:
> grep 'default.ida?NNNNN' access_log | mail -s 'APACHE' redalert@dshield.org
>
> As someone already mentioned, many boxes seem to be dialup-boxes...
>
> Matthias
> --
> Matthias Richter --+- stud. soz. & inf. -+-- http://www.uni-leipzig.de
> --> GPG Public Key: http://www.matthias-richter.de/gpg.ascii <--
>
> · Projekt Deutscher Wortschatz: <URL:http://wortschatz.uni-leipzig.de>
>
~~Bill, Bill who?~~
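
Added example, not part of the original thread: a shell function that takes the grep quoted above one step further and lists each client that requested default.ida?NNNN..., with its hit count and the HTTP status codes the server logged for it. It assumes Apache common/combined log format; the function names and the sample log lines (documentation-range addresses, request strings shortened) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample access log in Apache common log format.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [03/Aug/2001:00:29:05 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [03/Aug/2001:00:30:11 +0200] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [03/Aug/2001:00:41:52 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276
203.0.113.5 - - [03/Aug/2001:01:02:37 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [03/Aug/2001:01:05:00 +0200] "GET /docs/default.ida.html HTTP/1.0" 200 512
EOF
}

# codered_hosts [FILE...]: read access log(s) (stdin if no file is given) and
# print one line per probing client: "<hits> <client> <status codes>".
codered_hosts() {
    awk '
        # Whitespace-split fields: $1 = client, $7 = request path, $9 = status.
        # Anchoring on the path start avoids matching unrelated URLs that
        # merely contain the string "default.ida".
        $7 ~ /^\/default\.ida\?NNNN/ {
            hits[$1]++
            if (!(($1, $9) in seen)) {
                seen[$1, $9] = 1
                codes[$1] = (codes[$1] == "" ? $9 : codes[$1] "," $9)
            }
        }
        END { for (h in hits) print hits[h], h, codes[h] }
    ' "$@" | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a real host: codered_hosts access_log
sample_log | codered_hosts
```

The status column records how the local server answered each request, which a plain grep of the matching lines does not summarize per client.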