[rescue] [OT] CodeRed activity?
Goldarg
rescue at sunhelp.org
Sat Aug 4 23:00:59 CDT 2001
> Folks, I've been seeing a major increase in CodeRed scans here today (not
> that Apache cares...) -- about one every 1-2 minutes (to one given IP) as
> opposed to one an hour up until this afternoon. Looks like the new variant
> "XXXX" too. Scans exclusively are coming from 24.x.x.x range while previous
> days they came from all over.
>
> Anybody else seeing this?
I have:
gecko:/var/log/apache$ grep default.ida * | wc -l
265
I've also had to reboot my router numerous times today as the Cisco 600
series routers have issues with Code Red aswell.
Its gotten annoying enough that I installed 'mon' and wrote my own little
alert module for it that I call x10.alert , stuck a firecracker on the
serial port of my linux box and a appliance module on the 675 and now the
linux box reboots the router when it goes off in the corner screaming 'THE
PACKETS!!! THE PACKETS!!!' without my having to bother with it.
I was offline from 2-8am thanks to this thing hosing the 675.
More information about the rescue
mailing list