[plug] Code Red 2
skribe
skribe at amber.com.au
Sun Aug 5 15:26:01 WST 2001
On Sun, 5 Aug 2001 12:05, James Bromberger wrote:
> I think it was said earler; Code Red is a buffer overflow exploit that
> makes an HTTP request starting "/default.ida", and then has lots of "NNN"'s
> in it.
I must have missed it. Thanks.
I've just sent my logs to redshield at redalert.org.
Here's how (from /.):
grep 'default.ida' /route/to/httpd/logs/access_log* | mail -s 'APACHE'
redalert at dshield.org
Also perhaps we can have a little survey as to how many times we've been hit:
cat /route/to/httpd/logs/access* | grep default.ida | wc -l
My count is 202.
skribe
--
Public key information available at:
http://www.amber.com.au/~skribe/publickey.html
Key fingerprint = A855 9CA3 953B 5195 C518 12F2 0E05 DCCD 5A88 E8A4
I'm not offering myself as an example; every life evolves by its own laws.
More information about the plug
mailing list