Network Question

Mike Coleman mkc at mathdogs.com
Mon Aug 6 20:32:44 CDT 2001


"Eric Rossiter" <rossiter at discoverynet.com> writes:
> Could anyone further extrapolate on this??? How does one know they are
> getting hits generated by Code Red???

If you're running Apache (or another web server), look in your access.log for
requests containing the string 'default.ida'.  Those are almost certainly from
Code Red.  The original variant also contained a string of N's; the new one
contains a string of X's.

> I am on the @HOME service, and have been seeing my cable modem light flashing
> the last few days as well (during times of no Net activity).

Could be ARP activity similar to what I'm getting.

> I run a Win2k/RH 7.0 dual boot box.  Should I boot into Linux and stay there
> to be safe from this latest round of viruses???  I'm not running IIS on
> win2k, which, from what I have read is what Code Red infects.

If you're not, you should be okay.  But be sure you're not--I thought I read
somewhere that W2K server ran one by default or something.  Of course, there's
quite a collection of other viruses and worms you can catch via Windows.  :-(

--Mike

-- 
Mike Coleman, mkc at mathdogs.com
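
The access.log check described in the message above, as an added example that is not part of the original post: it counts 'default.ida' requests per source host and labels each by its filler letter (N or X). The log lines are constructed samples, and the function names and the 16-character minimum filler run are assumptions.

```python
import re
from collections import Counter, defaultdict

# Apache Common Log Format prefix: host ident user [time] "request" ...
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)"')
# A run of one repeated letter right after "default.ida?" (assumed minimum: 16).
FILLER_RE = re.compile(r'default\.ida\?(?P<ch>[A-Za-z])(?P=ch){15,}', re.IGNORECASE)

def classify(request):
    """Label a request string, or return None if it is not a default.ida hit."""
    if 'default.ida' not in request.lower():
        return None
    m = FILLER_RE.search(request)
    if not m:
        return 'default.ida (no filler run)'
    ch = m.group('ch').upper()
    if ch == 'N':
        return 'N filler'
    if ch == 'X':
        return 'X filler'
    return 'other filler'

def scan(lines):
    """Return {host: Counter({label: count})} for every default.ida request."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        # Truncated or malformed lines are still searched, under host 'unparsed'.
        host, request = (m.group('host'), m.group('request')) if m else ('unparsed', line)
        label = classify(request)
        if label:
            hits[host][label] += 1
    return hits

# Constructed sample lines (documentation-range addresses, not real traffic).
T = '[06/Aug/2001:19:01:12 -0500]'
SAMPLE_LOG = [
    f'192.0.2.10 - - {T} "GET /default.ida?{"N" * 40} HTTP/1.0" 404 205',
    f'198.51.100.7 - - {T} "GET /default.ida?{"X" * 40} HTTP/1.0" 404 205',
    f'198.51.100.7 - - {T} "GET /default.ida?{"X" * 40} HTTP/1.0" 404 205',
    f'203.0.113.5 - - {T} "GET /index.html HTTP/1.0" 200 1043',
    f'192.0.2.10 - - {T} "GET /default.ida?{"N" * 40}',  # truncated line
]

if __name__ == '__main__':
    for host, counts in sorted(scan(SAMPLE_LOG).items()):
        print(host, dict(counts))
```
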



