Re: follow-up to httpd question


From: Mike Tibor (tibor@lib.uaa.alaska.edu)
Date: Wed Jan 16 2002 - 14:59:14 AKST


On Wed, 16 Jan 2002, Justin Dieters wrote:

>
> As a follow-up, I looked at my logs again, I have tons of those blocks in
> the log every day. Doing ''cat access_log | grep winnt > access_log_winnt''
> shows that approximately 75% of the lines in my log have "winnt" in them,
> and they are not all from the same IP, but probably better than half are
> from 24.237.X.X. I think some of the others are ACS DSL IPs, iirc...

Yep, those are either Nimda, Code Red or a variant. There was lots of
discussion on this when those worms first hit. You might do some searches
on the archive:

  http://www.lib.uaa.alaska.edu/aklug/

Jim Courtney had one solution that I liked quite a bit:

  http://www.lib.uaa.alaska.edu/aklug/archive/2001-12/0344.html

Mike

-- 
Mike Tibor         Univ. of Alaska Anchorage    (907) 786-1001 voice
Network Technician     Consortium Library         (907) 786-6050 fax
tibor@lib.uaa.alaska.edu       http://www.lib.uaa.alaska.edu/~tibor/
http://www.lib.uaa.alaska.edu/~tibor/pgpkey  for PGP public key
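
The tally described in the quoted message (what share of requests contain "winnt", and which networks send them), as an added example that is not part of the original post. It assumes Apache's common log format with IPv4 client addresses; the function names are hypothetical and the log lines are constructed samples using documentation address ranges.

```shell
#!/bin/sh
# Constructed sample log (common log format, documentation IP ranges).
sample_log() {
cat <<'EOF'
198.51.100.7 - - [16/Jan/2002:10:00:01 -0900] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
198.51.100.9 - - [16/Jan/2002:10:00:02 -0900] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
203.0.113.20 - - [16/Jan/2002:10:00:05 -0900] "GET /index.html HTTP/1.0" 200 1042
198.51.100.7 - - [16/Jan/2002:10:00:07 -0900] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
192.0.2.33 - - [16/Jan/2002:10:00:09 -0900] "GET /_vti_bin/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
EOF
}

# Print "hits/total percent" for requests containing "winnt".
# Only the quoted request field is matched, so a referer or user-agent
# string that happens to contain "winnt" is not counted.
winnt_share() {
    awk -F'"' '{ total++ } tolower($2) ~ /winnt/ { hits++ }
        END { if (total) printf "%d/%d %.0f%%\n", hits, total, 100 * hits / total
              else print "0/0 0%" }' "$1"
}

# Print "count prefix" per source /16, busiest first (assumes IPv4 clients).
winnt_sources() {
    awk -F'"' 'tolower($2) ~ /winnt/ {
            split($1, f, " "); split(f[1], o, ".")
            n[o[1] "." o[2] ".X.X"]++ }
        END { for (p in n) print n[p], p }' "$1" | sort -k1,1nr -k2,2
}

# Run against the log given as $1, or against the constructed sample.
log=${1:-}
made=""
if [ -z "$log" ]; then
    log=$(mktemp); made=$log
    sample_log > "$log"
fi
winnt_share "$log"
winnt_sources "$log"
[ -z "$made" ] || rm -f "$made"
```
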


