Re: Cable Modem on Linux
| I just got a DSL connection (last night) and my firewall logged a
| bunch of DENYed packets on port 138 (Netbios datagram service) from
| another IP in my DSL subnet. Somebody messed up <smirk>. BTW I
| apache is logging a whole bunch of Code Red requests already! Now I
I uninstalled portsentry because /etc/hosts.deny and the routing table
were beginning to look overloaded. Whoever coded that thing certainly
knew how to get a scan going!
The slightly strange thing is that Code Red and its siblings are now
almost permanent. Unless all the IIS boxes are rebooted and patched, for the
next 6 months we will all have our log files packed with these spurious
entries and tools like portsentry will have to be set at a lower security
level to avoid black-holing half the Internet.
Wonder if the next Linux worm will be cloaked as a Code Red scan?
Reply to: