on Fri, Aug 03, 2001 at 02:54:01PM +0000, John Griffiths ([EMAIL PROTECTED]) wrote: > if you grep your http access log for "default.ida" (good sign of a > code red attempt on an apache box) > > you'll see that code red has infected as many new machines in the alst > two days as it did on 20 July
Hmmm:
grep 'default\.ida' /var/log/apache/access.log | awk '{print $1}'
...gives a hostlist. Anyone know of a central repository who might be
collecting same and sending LARTs to the appropriate sysops? Or is that
a complete [EMAIL PROTECTED]&*() waste of time? Any way to test an IP to see if
it's been compromised?
...or a good way to grab the relevant data and mail your own report?
I'm running 'host' against a bunch of IPs (I've got about 40), turning
up a bunch of '<ip> does not exist' responses.
--
Karsten M. Self <[email protected]> http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand? There is no K5 cabal
http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
Free Dmitry!! Boycott Adobe!! Repeal the DMCA!! http://www.freesklyarov.org
pgpDUcFLs0Qf9.pgp
Description: PGP signature
