[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] The Code-Red Worm is attacking... GOD it's attacking.

Subject: RE: [cobalt-users] The Code-Red Worm is attacking... GOD it's attacking.
From: David Lucas <david@xxxxxxxxxxxxxxxx>
Date: Thu Jul 19 15:31:48 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

At 07:22 PM 7/19/2001, you wrote:

tons of info here::
http://www.eeye.com/html/Research/Advisories/AD20010618.html

there's also been a ton of mssgs posted to the bugtraq security list all
day. i think i was lucky enough to get the patch on my servers before
all hell broke lose.

8)
sean

Luckily my Win2K Server runs Apache for windoze. I couldn't figure out howto make IIS5 work right. Apache was much easier to use.

-----Original Message-----
From: Paul [mailto:paulbentz@xxxxxxxx]
Sent: Thursday, July 19, 2001 4:29 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] The Code-Red Worm is attacking... GOD it's
attacking.


>People. Put close attention on this. I got 280 machines connecting to
my
>box in one hour. This doesn't seem to stop, nor I think it ever will.

I have several of these entries in my access log:

"GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN
NNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
bd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 302 578 "-" "-"

(sorry if this doesn't wrap or comes out horrible)
I've had 80 of these entries so far.
Are these log entries related to the Code-Red Worm? Shimi, can you post
some
links to more information about this worm? I haven't found anything
doing
searches.
Thanks,
Paul

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users

References:
- RE: [cobalt-users] The Code-Red Worm is attacking... GOD it's attacking.
  - From: Sean Slavin

Prev by Date: Re: [cobalt-users] The Code-Red Worm is attacking... GOD it's attacking.
Next by Date: [cobalt-users] NT box in second network port on RAQ4R
Previous by thread: RE: [cobalt-users] The Code-Red Worm is attacking... GOD it's attacking.
Next by thread: [cobalt-users] DNS setup help needed

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index