For what it's worth, we have this line in our apache config file: # Do not do anything for Code Red Attacks RedirectMatch 415 (.*)\.id[aq]$ which returns an error code without apache having to check the filesystem for a matching file -- we were concerned about the added load if there were a large number of code red requests coming simultaneously, and implemented this to fail them quickly. I see about 5,600 code 415 responses in the log yesterday, and no 200's for default.id* . This is Apache apache-mod_ssl-1.3.14.2.7.1. Bng >>>>> Dennis Jenkins writes: DJ> Oh heck no!!! I have no such crap^H^H^H^H tool installed. I have logs DJ> of over 500 code red II hits. The vast majority are returned by apache DJ> with error 404. Occasionally, it returns code 200. I have no idea DJ> why. The box is a stock Slackware 7.1 Linux serving only static DJ> content. The apache version is 1.3.12. -- Boris Goldowsky Director of Engineering & Development Information Please borisat_private www.infoplease.com 617 542-6500 x 2324 --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Thu Sep 13 2001 - 10:50:24 PDT