[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: code red goes on

Hi..

I grepped my access logs and noticed the "default.ida?NNNN etc etc..

What does this mean?
Have I been attacked? or was it an attemped attack?

What exactly does the virus do to the system?

Thanks
Mike


Quoting Matthias Richter <matthias@vielfalt.de>:

> ktb wrote on Fri Aug 03, 2001 at 12:29:05AM:
> > On Thu, Aug 02, 2001 at 10:08:56PM -0700, Karsten M. Self wrote:
> > > ...gives a hostlist.  Anyone know of a central repository who might
> be
> > > collecting same and sending LARTs to the appropriate sysops? 
> 
> <URL:http://www.dshield.org/codered.html> are collecting. You only have
> to:
> grep 'default.ida?NNNNN' access_log | mail -s 'APACHE'
> redalert@dshield.org
> 
> As someone already mentioned, many boxes seem to be dialup-boxes...
> 
> Matthias
> -- 
> Matthias Richter --+- stud. soz. & inf. -+-- http://www.uni-leipzig.de
> -->    GPG Public Key: http://www.matthias-richter.de/gpg.ascii    <--
> 
> · Projekt Deutscher Wortschatz: <URL:http://wortschatz.uni-leipzig.de>
> 



~~Bill, Bill who?~~
Reply to: