Mailinglist Archive: opensuse (4053 mails)

< Previous Next >
Re: [SLE] code red question....
  • From: Gideon Hallett <diogenes@xxxxxxxxxx>
  • Date: Tue, 7 Aug 2001 17:24:21 +0000
  • Message-id: <036d02725160781PCOW028M@xxxxxxxxxxxxxxxx>
On Tuesday 07 August 2001 4:12 pm, Andy Calloway wrote:


>> stuff. Is this the code red attack? If so, do I need to worry about it? I'm
>> running a "plain jane" install of SuSE 7.1 on my internet machine. I am on
>> a

Yup. That's a selection of classic code red probes.

You might want to configure your firewall to reject port 80 traffic matching
the string 'default.ida'.

>> 56k dialup and only on the net about 30 minutes per day. Also the first
>> line
>> (127.---) is that my localhost?

Anything 127.x.y.z is your localhost.

Fun trick to get rid of annoying (and stupid) customers on the helldesk
complaining that they couldn't access the 'net was to get them to try pinging
127.232.225.11 (or similar). They could alway ping that just fine...

(of course, you couldn't really do it unless they were gratuitously rude and
clueless.)

<snip and move everything to the correct place>

> You can't be infected on Linux, it only affects IIS servers.
>
> (Yippee!)

Nonetheless, it's interesting reading.

I've had 272 probes today alone; many of them from other cable modem users
within my ISP's network. It gives you an idea of how much care your local ISP
takes over their broadband security.

Gideon Hallett.

< Previous Next >
Follow Ups
References