Re: Code Red Hammering Away

[<michael () aplatform com>]

Yup Im seeing the XXXX's now. :((
Another round??

Michael...

On Sat, 4 Aug 2001, Advanced Hosting UNIX Admin Daniel Fairchild wrote:

> Speaking of sharing experiances it is beating the crap out of our unix
> servers we install aplicatino firewalls on all the NT machines and there were
> patched anyway before the last one hit. But all the requestes to the port 80
> is taking down the webserver and affecting the machine because of access
> logs.
>
> bummer. :(
>
>
> On Saturday 04 August 2001 16:24, you wrote:
> > Le (On) Sat, Aug 04, 2001 at 05:14:09PM -0400, Bob K ecrivit (wrote):
> > > > > 4:53:48pm|melange@host:/home/melange> grep default.ida
> > > > > /var/log/httpd-access.log | grep XXXXX | wc -l 6
> > > >
> > > > I've started seeing LOTS of XXXXX hits as of approx 1 hour ago.
> > > > 5 in one hour and counting...
> > >
> > > Just for reference, here's the logs of this new variant:
> >
> > Pretty interesting, maybe all nanog-post subscribers could share their
> > experience with this worm too. Especially if you've seen a lot of non-[XN]
> > alphanumerical chars.
> >
> > Sorry, but this worm caused more damages to mailing lists than anything
> > else, on the Internet. Looks more like a chain-letter...
>
> --
> Advanced Hosting UNIX Admin | Daniel Fairchild danielf () supportteam net
> To rate my service or provide feedback, please visit the following URL:
> http://www.supportteam.net/rate.php3
>
> Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.