[NCLUG] Code Red Attacks & DSL Routers
Michael Dwyer
mdwyer at sixthdimension.com
Thu Jul 19 17:29:26 MDT 2001
> > A worm dubbed "Code Red" is in circulation right now. Mostly
> > harmless to us, since it exploits unpatched ISS machines, but
> > it hits all IPs regardless (grep your httpd.error logs for
> > "default.ida" and check how many times you've been hit!)
>
> All linux hosts ... I have consolidated several ...
>
> [root at new bin]# cd /var/log/httpd/
> [root at new httpd]# grep default.ida * | wc
> 362 4344 178314
> ... Do I win?
Gee... I only got about 24 at home and 24 here. But then, the
day is still young! http://www.incidents.org/ has upgraded the
threat level to yellow (2 of 4). They expect this to only get
worse as more and more sites get exploited. The worm's random
number generator has a flaw, so it hits some sites MUCH more
than others. You must be lucky, I guess...
More information about the NCLUG
mailing list