[lug] Code Red: GET /default.ida?NNNNNNNNNNNNNNNNNNN ??
Greg Horne
jeerygh at hotmail.com
Mon Aug 13 10:35:13 MDT 2001
I realize that you sent this 3 days ago and other people may have said this,
but where have you been while all of this was happening to your server?
This has been going on for a few weeks! Hopefully you were just running an
apache linux server like my company. All we had to worry about was the darn
port scans wasting our bandwidth!
If there is anybody else out there that runs apache.... :) ....create a
website on your box called emptyweb or something. the only thing it should
have it a log file. This makes it really easy to discover who has been
scanning your ports as nobody will ever go to the webpage (because there
isn't one) I do this and find it very easy to do a quick check of my
servers everyday. Does this make sense to anybody? Does anyone do
something similar?
Greg Horne
>From: Alan Robertson <alanr at unix.sh>
>Reply-To: lug at lug.boulder.co.us
>To: Boulder LUG <lug at lug.boulder.co.us>
>Subject: [lug] Code Red: GET /default.ida?NNNNNNNNNNNNNNNNNNN ??
>Date: Fri, 10 Aug 2001 21:11:30 -0600
>
>I hadn't thought about my web server, but I went to go look at it's logs,
>and see what I strongly suspect are lots (2428) attempted accesses to it
>from 1248 different addresses starting July 19, and going until 4 minutes
>ago ;-)
>
>At first they started out with XXXX, then it switched to NNNN.
>
> -- Alan Robertson
> alanr at unix.sh
>_______________________________________________
>Web Page: http://lug.boulder.co.us
>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
More information about the LUG
mailing list