Re: [cobalt-security] The Code-Red Worm is attacking... GOD it's attacking.



On Thu, 19 Jul 2001 15:42:26 -0700 (PDT), shimi wrote:
>>
>>cat /var/log/httpd/access | grep .ida | wc -l

A note on this:
I output the lines from the access file to a text file so I could 
read them. Shimi's command above allows grep to include anything with 
"Guidant IE5" in it - which I found were real requests for pages. 
The attempted attack comes in the form of (in my logs, anyway):
default.ida?NNNNNNNNNNNNNNN <insert a hundred more N's here and 
another huge long string of gibberish>.
So I changed Shimi's grep to:
cat /var/log/httpd/access | grep .ida? | wc -l
And it cut down the number to the true attempts - 247.
Still... sheesh.

If you want to pipe it to a file, run:
 cat /var/log/httpd/access | grep .ida? > worm.txt
and then read worm.txt to see what's going on. 

-- 
Carrie Bartkowiak, ravencarrie@xxxxxxxx on 07/19/2001
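
An added example, not part of the original message: the same log check with the pattern quoted and the dot and question mark matched literally, run over a constructed sample log. The log lines, addresses and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in Apache combined log format (not real traffic).
# The worm-style query strings are shortened to a run of N characters.
make_sample_log() {
    cat <<'EOF'
192.0.2.10 - - [19/Jul/2001:15:01:02 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276 "-" "-"
192.0.2.44 - - [19/Jul/2001:15:03:10 -0700] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Guidant IE5)"
192.0.2.10 - - [19/Jul/2001:15:04:40 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276 "-" "-"
198.51.100.7 - - [19/Jul/2001:15:09:59 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276 "-" "-"
198.51.100.9 - - [19/Jul/2001:15:11:00 -0700] "GET /docs/guidance.html HTTP/1.1" 200 900 "-" "Mozilla/4.0"
EOF
}

# In a regex an unescaped "." matches any character, so ".ida" also
# matches "uida" in "Guidant" and "guidance" (false positives).
count_loose() {
    grep -c '.ida' "$1"
}

# Literal ".ida?" inside the quoted request line only. Quoting the pattern
# also keeps the shell from treating "?" as a filename wildcard.
IDA_REQUEST='"(GET|HEAD|POST) [^" ]*\.ida\?'

count_strict() {
    grep -c -E "$IDA_REQUEST" "$1"
}

# Requests per source address, busiest first, printed as "count address".
top_sources() {
    grep -E "$IDA_REQUEST" "$1" | awk '{print $1}' | sort | uniq -c |
        sort -rn | awk '{print $1, $2}'
}

log=$(mktemp)
make_sample_log > "$log"
echo "loose match:  $(count_loose "$log")"
echo "strict match: $(count_strict "$log")"
top_sources "$log"
rm -f "$log"
```

Point the three functions at the real access log path in place of the temporary file to get the same counts for a live server.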