Mailinglist Archive: opensuse (4053 mails)

< Previous Next >
Re: [SLE] code red question....
  • From: Paul Abrahams <abrahams@xxxxxxx>
  • Date: Tue, 07 Aug 2001 14:41:01 -0400
  • Message-id: <3B70363D.313A99F@xxxxxxx>
Andy Calloway wrote:
>
> You can't be infected on Linux, it only affects IIS servers.
>
> (Yippee!)
>
> -----Original Message-----
> From: Jim Hatridge [mailto:James.Hatridge@xxxxxxxx]
> Sent: 07 August 2001 11:53
> To: suse-linux-e@xxxxxxxx
> Subject: [SLE] code red question....
>
> Hi all..
>
> After all this talk about code red, I looked at my access_log and found this
>
> stuff. Is this the code red attack? If so, do I need to worry about it? I'm
> running a "plain jane" install of SuSE 7.1 on my internet machine. I am on a
>
> 56k dialup and only on the net about 30 minutes per day. Also the first
> line
> (127.---) is that my localhost?

Those entries in Jim's log look like an attempted buffer overflow
attack. Is it possible that he is indeed being attacked but is immune?

Yesterday my cable modem's activity light was on almost constantly,
indicating an attack. But I'm pretty sure nothing got through because my
system is behind a router. (Also, ShieldsUp says all the usual ports are
in stealth mode.) Today it's pretty quiet.

Paul

< Previous Next >
Follow Ups
References