[lug] Code Red: GET /default.ida?NNNNNNNNNNNNNNNNNNN ??

Greg Horne jeerygh at hotmail.com
Mon Aug 13 10:35:13 MDT 2001

I realize that you sent this 3 days ago and other people may have said this, 
but where have you been while all of this was happening to your server?  
This has been going on for a few weeks!  Hopefully you were just running an 
apache linux server like my company.  All we had to worry about was the darn 
port scans wasting our bandwidth!

If there is anybody else out there that runs apache.... :) ....create a 
website on your box called emptyweb or something.  the only thing it should 
have it a log file.  This makes it really easy to discover who has been 
scanning your ports as nobody will ever go to the webpage (because there 
isn't one)  I do this and find it very easy to do a quick check of my 
servers everyday.  Does this make sense to anybody?  Does anyone do 
something similar?

Greg Horne

>From: Alan Robertson <alanr at unix.sh>
>Reply-To: lug at lug.boulder.co.us
>To: Boulder LUG <lug at lug.boulder.co.us>
>Subject: [lug] Code Red: GET /default.ida?NNNNNNNNNNNNNNNNNNN  ??
>Date: Fri, 10 Aug 2001 21:11:30 -0600
>I hadn't thought about my web server, but I went to go look at it's logs,
>and see what I strongly suspect are lots (2428) attempted accesses to it
>from 1248 different addresses starting July 19, and going until 4 minutes
>ago ;-)
>At first they started out with XXXX, then it switched to NNNN.
>	-- Alan Robertson
>	   alanr at unix.sh
>Web Page:  http://lug.boulder.co.us
>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

More information about the LUG mailing list