Mailinglist Archive: opensuse (4053 mails)

Re: [SLE] code red question....
  • From: Jean Messerlin <jean.messerlin@xxxxxxx>
  • Date: Tue, 07 Aug 2001 22:56:22 +0200
  • Message-id: <3B7055F6.9000604@xxxxxxx>
Jim Hatridge wrote:

Hi all..

After all this talk about code red, I looked at my access_log and found this stuff. Is this the code red attack? If so, do I need to worry about it? I'm running a "plain jane" install of SuSE 7.1 on my internet machine. I am on a 56k dialup and only on the net about 30 minutes per day. Also the first line (127.---) is that my localhost?



The 'NNNN...' are standard Code Red, the 'XXXX...' are Code Red 2 (which also
means that the machine trying to infect you has a backdoor).

Am I mistaken or do you have some webserver installed? Maybe you could turn off the
services you do not need in '/etc/inetd.conf' and Yast. A web server is hardly useful over
a 56k connection (Personally I do not even run inetd).

You should at least set up SuSEfirewall and make it run when you connect. My last 30
minutes 56k connection showed 4 tries to connect to my HTTP port (80) and 1 to my
FTP port (21). Well since I've set it up Sunday, I have also seen an attempt to connect
to port 12345 (Windows trojan), and my ISP sending me some UDP packets which were
not meant for my machine (?). I've found an instructing commentary of a firewall log at:

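Added example, not part of the original thread: a small classifier for the two signatures named in the reply ('NNNN...' for Code Red, 'XXXX...' for Code Red 2), run over constructed access_log lines. It assumes Apache Common Log Format and that the probes request `/default.ida`, which is how these worms appeared in web server logs but is not stated in the thread.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) (\S+)')
# Long run of a single padding character directly after "default.ida?".
# The path is matched case-insensitively, the padding character is not.
PROBE = re.compile(r'(?i:/default\.ida)\?(N{16,}|X{16,})')
LABELS = {"N": "Code Red", "X": "Code Red 2"}

def classify(line):
    """Return (host, label) for a worm probe, or None for any other line."""
    m = CLF.match(line)
    if not m:
        return None  # malformed or non-CLF line: ignore rather than guess
    host, request = m.group(1), m.group(2)
    probe = PROBE.search(request)
    if not probe:
        return None
    return host, LABELS[probe.group(1)[0]]

def summarize(lines):
    """Count probes per (host, label) so repeat sources stand out."""
    hits = Counter()
    for line in lines:
        result = classify(line)
        if result:
            hits[result] += 1
    return hits

# Constructed sample lines: documentation IP ranges, padding shortened,
# and the data that follows the padding in real entries left out.
SAMPLE = [
    '127.0.0.1 - - [07/Aug/2001:20:01:10 +0200] "GET / HTTP/1.0" 200 1456',
    '192.0.2.10 - - [07/Aug/2001:20:05:42 +0200] "GET /default.ida?'
    + "N" * 40 + ' HTTP/1.0" 404 276',
    '198.51.100.7 - - [07/Aug/2001:20:09:03 +0200] "GET /default.ida?'
    + "X" * 40 + ' HTTP/1.0" 404 276',
    '198.51.100.7 - - [07/Aug/2001:20:17:55 +0200] "GET /default.ida?'
    + "X" * 40 + ' HTTP/1.0" 404 276',
    'truncated line without a request field',
]

if __name__ == "__main__":
    for (host, label), count in sorted(summarize(SAMPLE).items()):
        print(f"{host:15} {label:11} {count} probe(s)")
```

A 404 status on these lines means the server had no such file to serve; a source labelled Code Red 2 is, as the reply notes, a machine that itself has a backdoor.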