[rescue] [OT] CodeRed activity?
Adam Kropelin
rescue at sunhelp.org
Sat Aug 4 23:08:28 CDT 2001
At 09:00 PM 8/4/2001 -0700, you wrote:
> > Folks, I've been seeing a major increase in CodeRed scans here today (not
> > that Apache cares...) -- about one every 1-2 minutes (to one given IP) as
> > opposed to one an hour up until this afternoon. Looks like the new variant
> > "XXXX" too. Scans exclusively are coming from 24.x.x.x range while previous
> > days they came from all over.
> >
> > Anybody else seeing this?
>
>I have:
>gecko:/var/log/apache$ grep default.ida * | wc -l
> 265
>
>I've also had to reboot my router numerous times today as the Cisco 600
>series routers have issues with Code Red aswell.
>
>Its gotten annoying enough that I installed 'mon' and wrote my own little
>alert module for it that I call x10.alert , stuck a firecracker on the
>serial port of my linux box and a appliance module on the 675 and now the
>linux box reboots the router when it goes off in the corner screaming 'THE
>PACKETS!!! THE PACKETS!!!' without my having to bother with it.
>
>I was offline from 2-8am thanks to this thing hosing the 675.
Pardon my ignoramousness, but WTF did Cisco do to the 600 series that makes
them have "issues" with CodeRed?
They didn't give up IOS in favor of -shudder- Windows, did they?
--Adam
More information about the rescue
mailing list