[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] The Code-Red Worm is attacking... GOD it's attacking.
- Subject: Re: [cobalt-users] The Code-Red Worm is attacking... GOD it's attacking.
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Thu Jul 19 09:50:49 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Thu, 19 Jul 2001, Paul wrote:
> >People. Put close attention on this. I got 280 machines connecting to my
> >box in one hour. This doesn't seem to stop, nor I think it ever will.
>
> I have several of these entries in my access log:
>
> "GET
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
> u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> HTTP/1.0" 302 578 "-" "-"
>
> (sorry if this doesn't wrap or comes out horrible)
> I've had 80 of these entries so far.
> Are these log entries related to the Code-Red Worm? Shimi, can you post some
> links to more information about this worm? I haven't found anything doing
> searches.
> Thanks,
> Paul
As I said, besides consuming bandwidth and system resources, it *won't*
deface cobalts, as it's a *micro$oft* bug. The only concern is the
bandwidth you'll be wasting on it... the more IPs you have, the more
bandwidth you're going to waste...
http://www.eeye.com/html/Research/Advisories/AL20010717.html
- shimi.