[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] AOL Hack Attack or Bust!

Subject: [cobalt-users] AOL Hack Attack or Bust!
From: "Sim Ayers" <sim@xxxxxxxxxxxx>
Date: Tue Sep 18 11:57:19 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

AOL or Bust!

When the CodeRed worm requested a page from our Unix/Linux server the 
HTTP_USER_AGENT field was always empty. It was a dead giveaway
that the request was from a worm.

However, with this new worm (CodeBlue or whatever it's called)
the HTTP_USER_AGENT is 'Mozilla/3.0 (compatible)'. So I did a 
dig -x 172.169.2.55 on the ip address of the request and sure
enough it was from AOL. The 'Mozilla/3.0 (compatible)' must have
been sent as part of a proxy request. It nice to see AOL getting hacked
after all the shit we programmers had to wade through to address
AOL proxy request problems. The only real problem here for Unix/Linux
users is that this worm is eating up bandwidth from coast to coast.

Ah baby, AOL or BUST.

-Sim

References:
- RE: [cobalt-users] Extensive Hack Attack - Was C drive hack
  - From: Dom

Prev by Date: Re: [cobalt-users] logcheck and sendmail item
Next by Date: RE: [cobalt-users] [RAQ4r] ASP, MySQL, and Microsoft Access
Previous by thread: RE: [cobalt-users] Extensive Hack Attack - Was C drive hack
Next by thread: RE: [cobalt-users] Extensive Hack Attack - Was C drive hack

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index