![](https://seccdn.libravatar.org/avatar/dac3a9e5104a080167ff354322434051.jpg?s=120&d=mm&r=g)
Hi yes, it's really possible. Our reverse proxy just today picked up the same logs coming from a french IP address. I'm just checking what exactly this is. Philipp
-----Original Message----- From: Thomas Seliger [mailto:CRJLJAKTJORB@spammotel.com] Sent: Friday, October 11, 2002 2:01 PM To: suse-security@suse.com Subject: [suse-security] Re: **maillist-work:: Re: [suse-security] does anybody know such a log
Hi,
What Hannes says is true. There are quite a few nimda infected computers out there that are connected to the internet via T-DSL, even some with ISDN. With "flatrates" getting affordable, people often have their PCs connected their PCs almost 24h to (e.g. for download or P2P). Also running a Webserver on such hosts isn't as uncommon as it used to be.
peace, Tom
Johannes Studt wrote:
On Friday 11 October 2002 13:28, mailinglists@belfin.ch wrote:
Who's sleeping here? This isn't neither nimda nor code red. This is a scan. it came from a dial up account. Nimda and Code red never came from dial up accounts. They always came from static IP addresses.
Why nimda or code red _must_ come from static ip addresses? Think of IIS installed on WinPCs which are 24/7 up and accessible via DynDNS names. Such systems are vulnerable too...
Hannes
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here