[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OT Re: [cobalt-users] Code Red

Subject: OT Re: [cobalt-users] Code Red
From: Rik Thomas <rikt@xxxxxxxxxxxxxxxx>
Date: Thu Aug 9 18:57:09 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Thu, 9 Aug 2001, Jason Vaughan wrote:

> There have been frequent threads about Code Red and even a few
> scripts to check how many times it has attacked.
>
> Here is a challenge for any top scripters out there...
>
> Write a script which monitors the access log and if it sees tell tale
> signs (e.g requests for .ida) it then blocks that IP address, using
> IPCHAINS or similar.
>
> I don't even know if this would help but if the Code Red could not
> even see the server, would it not just go away and bother someone
> else?
>
> Even better would be to log the IP address, do a dig on the results
> and send an abusive message to the administrator of the site it
> resolves to (if available) or the admin for the IP block.

This is entirely off-topic, however the way code red works is that it take
blocks of ip addresses and scans them, it doesn't just go away, it is
rather blind in that regard.  I have had the same server visit over 100
times which is a mystery, I have tried to dump them at the router, at the
server, etc.  All to no avail.  All they get is a 404 error, no big deal,
you are not really serving them a page up.

-- 
Rik Thomas
rikt@xxxxxxxxxxxxxxxx http://SmartBackups.com
Is your Website Smart? Automated Website backups.  Free 30Day trial!
Ph: 302.672.7314 Fx: 302.672.7315 ICQ: 879956

References:
- [cobalt-users] Code Red
  - From: Jason Vaughan

Prev by Date: RE: [cobalt-users] System Engineer for all
Next by Date: RE: [cobalt-users] System Engineer for all
Previous by thread: Re: [cobalt-users] <OT>Stop eZula from stealing bandwidth
Next by thread: Re: [cobalt-users] Code Red

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index