Re: Security Issues...


Subject: Re: Security Issues...
From: Neil Jolly (neil@jollycom.ca)
Date: Mon Aug 13 2001 - 22:13:51 MDT


On August 13, 2001 10:06 pm, you wrote:
> 4.21.22.189 - - [12/Aug/2001:04:11:52 -0400] "GET
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>X$ 24.182.1.195 - - [12/Aug/2001:04:27:09 -0400] "GET
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>X$ 24.254.41.153 - - [12/Aug/2001:04:30:07 -0400] "GET
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>$ 24.12.7.35 - - [12/Aug/2001:04:35:02 -0400] "GET
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>XXX$ 24.182.165.183 - - [12/Aug/2001:04:38:24 -0400] "GET
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX$
> 24.182.60.67 - - [12/Aug/2001:05:00:24 -0400] "GET

These are from Windows boxes infected by the Code Red worm. They're trying
vainly to exploit a Windows security flaw on your Linux box. It's not going
to be able to damage your system.
>
> There are lots of entries like this from different IP addresses.
>
> One had this... 63.236.92.153 - - [12/Aug/2001:17:58:47 -0400] "GET
> /robots.txt HTTP/1.0" 404 275

This is from a polite robot wanting to read your robots.txt.

>
If you're not running any kind of firewall currently I'd recommend getting
something up fairly soon though.

Neil
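
An added example, not part of Neil's message: a small triage script that separates the /default.ida worm probes from ordinary requests such as /robots.txt in an Apache access log and counts the distinct sources. The sample lines, the 50-character filler threshold, and the names classify and summarize are assumptions made for illustration.

```python
import re
from collections import Counter

# Apache common log format: host ident user [time] "request" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
# Heuristic (assumption): /default.ida whose query starts with a run of at
# least 50 copies of one filler letter, as in the quoted log entries.
IDA_PROBE = re.compile(r'^/default\.ida\?(?P<c>[A-Za-z])(?P=c){49,}', re.I)

def classify(line):
    """Return (match, kind); kind is ida-probe, robots, other or unparsed."""
    m = CLF.match(line.strip())
    if not m:
        return None, "unparsed"
    if IDA_PROBE.match(m["target"]):
        return m, "ida-probe"
    if m["target"] == "/robots.txt":
        return m, "robots"
    return m, "other"

def summarize(lines):
    """Count request kinds, probes per source, and probes answered with 2xx."""
    counts, probes, served = Counter(), Counter(), []
    for line in lines:
        m, kind = classify(line)
        counts[kind] += 1
        if kind == "ida-probe":
            probes[m["host"]] += 1
            if m["status"].startswith("2"):  # unexpected on a non-IIS server
                served.append(m["host"])
    return {"counts": dict(counts), "probe_sources": dict(probes), "served": served}

FILL = "X" * 224  # constructed filler; the quoted entries are truncated
SAMPLE = [  # constructed log lines using documentation address ranges
    f'192.0.2.10 - - [12/Aug/2001:04:11:52 -0400] "GET /default.ida?{FILL} HTTP/1.0" 404 276',
    f'192.0.2.10 - - [12/Aug/2001:04:27:09 -0400] "GET /default.ida?{FILL} HTTP/1.0" 404 276',
    f'198.51.100.7 - - [12/Aug/2001:04:30:07 -0400] "GET /default.ida?{FILL} HTTP/1.0" 404 276',
    '203.0.113.5 - - [12/Aug/2001:17:58:47 -0400] "GET /robots.txt HTTP/1.0" 404 275',
    '203.0.113.9 - - [12/Aug/2001:18:02:11 -0400] "GET /default.ida?page=1 HTTP/1.0" 404 276',
    'this line is not in common log format',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A host listed under served would mean the server answered a probe with a success status, which is worth a closer look on any machine.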


