Network Question

Jeffrey A. McCright jmccright2 at home.com
Thu Aug 9 23:44:54 CDT 2001


Tell me about it. My firewall is getting pounded by 24.22.xxx.xxx, and the
hits are increasing!

-----Original Message-----
From:	root [mailto:root at ns.brink.cx]
Sent:	Monday, August 06, 2001 7:48 AM
To:	Gene Dascher
Cc:	'kclug at kclug.org'
Subject:	Re: Network Question

It's more than likely Code Red I or II. If you wanted to, you could start up
Apache and see if you get hits that look like:

cx1140241-c.okcw1.ok.home.com - - [06/Aug/2001:07:45:58 -0500] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 404 276

Code Red is hurting @home pretty bad.

Andrew Brink.

On Mon, Aug 06, 2001 at 02:01:10AM -0500, Gene Dascher wrote:
> I have redhat 6.2 on a Gateway 486 dx250 that I am using as my
> Comcast at home internet gateway/firewall.  I have noticed over the last
> few days that the data light on my modem is blinking very frequently
> while none of the PCs on my network are surfing the web.  I have looked
> for the obvious signs of a break in on the gateway, but cannot find any,
> and do not see any odd processes running.  I want to know the nature of
> the "data" that is hitting my machine.  What is the best tool for doing
> this?  Would a packet sniffer (like Sniffit) be what I am looking for?
>
> Thanks,
> Gene
>
>
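
Added example, not part of the original messages: a Python filter for the kind of Apache access-log hit quoted above, counting Code Red style /default.ida probes per source host. The sample log lines are constructed, and the mapping of N filler to Code Red I and X filler to Code Red II is an assumption taken from public descriptions of the worm, not from this thread.

```python
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "request" status size
CLF = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" \d{3} \S+$')

# GET /default.ida? + a long run of one filler letter + %uXXXX-encoded data.
# Assumption from public write-ups, not from the post: N filler = Code Red I,
# X filler (as in the quoted hit) = Code Red II.
PROBE = re.compile(r'^GET /default\.ida\?(?P<fill>[NX])(?P=fill){99,}.*%u[0-9a-f]{4}', re.I)
VARIANT = {"N": "Code Red I", "X": "Code Red II"}

def classify(line):
    """Return (host, variant) if the log line is a Code Red style probe, else None."""
    entry = CLF.match(line.strip())
    if not entry:
        return None
    probe = PROBE.match(entry.group("req"))
    if not probe:
        return None
    return entry.group("host"), VARIANT[probe.group("fill").upper()]

def summarize(lines):
    """Count probes per (host, variant) so the noisiest sources stand out."""
    return Counter(hit for hit in map(classify, lines) if hit)

# Constructed sample log (documentation addresses, not real hosts).
TAIL = "%u9090%u6858%ucbd3%u7801%u00=a HTTP/1.0"

def _probe(host, fill):
    return (f'{host} - - [06/Aug/2001:07:45:58 -0500] '
            f'"GET /default.ida?{fill * 224}{TAIL}" 404 276')

SAMPLE = [
    _probe("192.0.2.10", "X"),
    _probe("192.0.2.10", "X"),
    _probe("198.51.100.7", "N"),
    '203.0.113.5 - - [06/Aug/2001:07:46:10 -0500] "GET /index.html HTTP/1.0" 200 1432',
    '203.0.113.5 - - [06/Aug/2001:07:46:12 -0500] "GET /default.ida?page=1 HTTP/1.0" 404 276',
]

if __name__ == "__main__":
    for (host, variant), count in summarize(SAMPLE).most_common():
        print(f"{count:3d}  {host:15s}  {variant}")
```

The filter expects one log entry per line as Apache writes it; an entry wrapped by a mail client, like the one quoted above, has to be rejoined first.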



