Can't tell you, but I found some antidote against such stuff on the Internet:

```
# DROP HTTP packets related to CodeRed and Nimda
# viruses silently
iptables -t filter -A INPUT -i $EXT_IFACE -p tcp \
    -d $IP --dport http -m string \
    --string "/default.ida?" -j DROP
iptables -t filter -A INPUT -i $EXT_IFACE -p tcp \
    -d $IP --dport http -m string \
    --string ".exe?/c+dir" -j DROP
iptables -t filter -A INPUT -i $EXT_IFACE -p tcp \
    -d $IP --dport http -m string \
    --string ".exe?/c+tftp" -j DROP
```

I'm implementing that, and let's see how well the stuff works.

Philipp
Hi

http://www.cert.org/advisories/CA-2001-19.html

Code Red :) IIRC, wasn't there a script someone on the SuSE Linux e-list had that would stop the thing from filling up your logs??? Which is, at present, all it can do....
-- j
afterthought If this was funny it would be a tagline.
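The three substrings that the iptables rules in the first message match on can also be used to measure or filter the probe noise in a web server access log. This is an added example, not code from either poster; the Common Log Format layout, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find requests in an access log that contain the substrings
# used by the iptables rules above, and either count them per client or
# strip them out. Patterns are matched as fixed strings (grep -F), so the
# "?", "." and "+" characters are literal, as in the iptables string match.

# Constructed sample log (Common Log Format, documentation address ranges).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [01/Aug/2001:10:00:01 +0200] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276
192.0.2.10 - - [01/Aug/2001:10:00:05 +0200] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [19/Sep/2001:08:12:44 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280
198.51.100.7 - - [19/Sep/2001:08:12:45 +0200] "GET /scripts/root.exe?/c+tftp HTTP/1.0" 404 280
203.0.113.5 - - [19/Sep/2001:08:13:00 +0200] "GET /index.html HTTP/1.0" 200 1043
203.0.113.5 - - [19/Sep/2001:08:13:02 +0200] "GET /download/setup.exe HTTP/1.0" 200 5120
EOF
}

# Shared matcher: extra grep options (such as -v) are passed through.
match_probes() {
    grep -F "$@" -e '/default.ida?' -e '.exe?/c+dir' -e '.exe?/c+tftp'
}

# Read a log on stdin, print "<hits> <client-ip>" per source, busiest first.
count_worm_probes() {
    match_probes |
        awk '{ hits[$1]++ } END { for (ip in hits) print hits[ip], ip }' |
        sort -k1,1nr -k2,2
}

# Read a log on stdin, print only the lines that are not worm probes.
# grep exits 1 when it prints nothing; treat that as success, not an error.
strip_worm_probes() {
    match_probes -v || [ $? -eq 1 ]
}

# Stand-alone run on the constructed sample.
sample_log | count_worm_probes
```

The ordinary `setup.exe` download in the sample is kept by `strip_worm_probes`, because only the full `.exe?/c+dir` and `.exe?/c+tftp` substrings count as a match.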