From what i read about the 'Code Red'-worm, it was supposed to be scanning for IIS-servers. It obviously is'nt, i believe it tries to infect everything they find on port 80, or something as simple as that. About three to four days ago, i started to get those default.ida-GET's in my Apache-logs. I shut down the server as fast as i could, and checked for outgoing connections from my computer, and then did some research. I was told that it was an IIS-worm, and that it could'nt affect Apache-servers, so i was safe. I turned the server back on, and from that day i have received forty-one attempts. How can this be? Why am i getting so few attempts, if it is as eEye says -- that every worm-instance has the same seed? I should be getting tons and tons of tries, if the worm has been around for this long. Or is it that my IP is high up in the "sequence", and not many comes that far? If that is the case, the number should be increasing fast in the near future, right? I'll come back with a report in a week or so. ________________________________ m'name be mike brockman! jeeh! _ooh,_und_dunt_feed_my_eskimoes_
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 15:08:12 PDT