
RE: [cobalt-users] The Code-Red Worm is attacking... GOD it's attacking.



yeah, that's it. default.ida is a windows file. we don't really have to
worry about it on the cobalt. it can annoy the hell out of you and could
cause a (small) DDoS but it seems like the attacks stop if unsuccessful
after X attempts.

any windows users out there just go to your box and remove all mappings to
.ida files.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Paul
Sent: Thursday, July 19, 2001 7:29 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] The Code-Red Worm is attacking... GOD it's
attacking.


>People. Put close attention on this. I got 280 machines connecting to my
>box in one hour. This doesn't seem to stop, nor I think it ever will.

I have several of these entries in my access log:

"GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 302 578 "-" "-"

(sorry if this doesn't wrap or comes out horrible)
I've had 80 of these entries so far.
Are these log entries related to the Code-Red Worm? Shimi, can you post some
links to more information about this worm? I haven't found anything doing
searches.
Thanks,
Paul
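
One way to answer the question above from the access log itself, added here as an example that is not part of the original thread: count requests matching the shape of the quoted entry (a `/default.ida` query made of a long single-character filler followed by `%uXXXX` tokens), per source host and per status code. It assumes Apache combined log format; the sample lines, the documentation-range addresses and the filler threshold of 50 are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S*) ?[^"]*" (?P<status>\d{3}) \S+'
)
# Shape of the entry quoted in the post: /default.ida? + one character repeated
# many times + a run of %uXXXX tokens. The threshold of 50 is an assumption.
PROBE_RE = re.compile(r'^/default\.ida\?(?P<c>.)(?P=c){50,}(?:%u[0-9a-f]{4})+', re.I)

def summarize(lines):
    """Return (total probes, Counter of probes per host, Counter of status codes)."""
    per_host, statuses = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not PROBE_RE.match(m.group("target")):
            continue  # unparseable line or ordinary request
        per_host[m.group("host")] += 1
        statuses[m.group("status")] += 1
    return sum(per_host.values()), per_host, statuses

def _line(host, target, status):
    # Builds one constructed log line; timestamp and size are placeholders.
    return (f'{host} - - [19/Jul/2001:19:05:00 -0400] '
            f'"GET {target} HTTP/1.0" {status} 578 "-" "-"')

FILL = "N" * 224                     # constructed filler length
ENC = "%u9090%u6858%ucbd3%u7801"     # leading tokens as they appear in the post
SAMPLE = [                           # constructed sample, not real traffic
    _line("192.0.2.10", f"/default.ida?{FILL}{ENC}=a", 302),
    _line("192.0.2.10", f"/default.ida?{FILL}{ENC}=a", 302),
    _line("198.51.100.7", f"/default.ida?{FILL}{ENC}=a", 302),
    _line("203.0.113.5", "/index.html", 200),
    _line("203.0.113.5", "/default.ida?page=1", 404),  # .ida request, not a probe
]

if __name__ == "__main__":
    total, per_host, statuses = summarize(SAMPLE)
    print(f"{total} probes from {len(per_host)} distinct hosts")
    for host, n in per_host.most_common():
        print(f"  {host}: {n}")
    print("status codes returned:", dict(statuses))
```

On a real log, pass an open file object to `summarize()`; the distinct-host count is the figure comparable to the "280 machines" in the quoted message.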
