| I just got a DSL connection (last night) and my firewall logged a
| bunch of DENYed packets on port 138 (Netbios datagram service) from
| another IP in my DSL subnet. Somebody messed up <smirk>. BTW I
| apache is logging a whole bunch of Code Red requests already! Now I

I uninstalled portsentry because /etc/hosts.deny and the routing table were beginning to look overloaded. Whoever coded that thing certainly knew how to get a scan going! The slightly strange thing is that Code Red and its siblings are now almost permanent. Unless all the IIS boxes are rebooted and patched, for the next 6 months we will all have our log files packed with these spurious entries and tools like portsentry will have to be set at a lower security level to avoid black-holing half the Internet. Wonder if the next Linux worm will be cloaked as a Code Red scan?