Mailinglist Archive: opensuse (4053 mails)

< Previous Next >
Re: [SLE] code red question....
  • From: Nick Zentena <zentena@xxxxxxxxxxxxxxxxxx>
  • Date: Tue, 7 Aug 2001 15:36:53 +0000
  • Message-id: <200108071536.f77Farl01691@xxxxxxxxxxxxxxxxxx>
On August 7, 2001 06:41 pm, Paul Abrahams wrote:
>
>
> Those entries in Jim's log look like an attempted buffer overflow
> attack. Is it possible that he is indeed being attacked but is immune?
>
> Yesterday my cable modem's activity light was on almost constantly,
> indicating an attack. But I'm pretty sure nothing got through because my
> system is behind a router. (Also, ShieldsUp says all the usual ports are
> in stealth mode.) Today it's pretty quiet.
>

My understanding of the current worm is that it targets local machines
first. So if somebody in your neigbourhood gets it that machine will start
hitting everybody locally. Passing the worm on. Then any infected machine
will do the same. These thing doesn't care if you are running windows or have
a webserver up. It just keeps hitting port 80 about every hour. Yesterday I
had trouble hitting some websites [including Yahoo] . It wouldn't surprise me
if the extra traffic is causing alot of trouble.

Nick

< Previous Next >