[ale] New Virus???

Brian J. Dowd bdowd at DentFirst.com
Sat Aug 4 08:04:46 EDT 2001


Yes, This is Code red.
It tries to attach to port 80 on random IP addresses
all over the internet. Running apache you have nothing
to fear as it only afftects the indexer in IIS.
If you look in your access log you will
see the buffer overflow attempts. They are recognizable by
NNNNNNNNNNNNNNNNNNNNNNNNNNNNN (etc)
You can't miss them.
Not to fear. You are running Linux and Apache! :-)
-Brian J. Dowd

> Ever since Wednesday (8/1) I've seen a tenfold increase in the number of
> connection attempts logged on my firewall. The interesting thing is
> almost all of these attempts are for port 80. Ordinarily, I get about
> 2-to-5 connection attempts per day and 99% are for ports 27374 or 111.
> But beginning Wednesday there has been a surge of attempts for port 80,
> comming in from all over the internet.
>
> Is there a new hole discovered in Apache?
>
> Or is this the big "Code Red" hole in M$'s IIS servers?
>
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list