As of now.. I'm scared shitless..and it's a good thing I installed Sygate Firewall Pro on my Server LAST NIGHT!
I recieved a few "Code Red" Dos attacks from one source only (someone who's infected obviously), and an Intrusion Detection System with an application name of 'inetinfo.exe'.
I tryed a WhoIS lookup on the IP of the possible intrusion and,
and it comes from someone in NY, but it looks as if they provided false WhoIs.
The Code Red Attacks come from some business out in Virginia....
Problem solved with the few attacked I recieved.. I just straight out blocked their individual IPs. Now my packet log is filling up with Blocked IP addresses.
wasted...... if you just keep blocking the IP's of the attackers, your just gonna get a huge block list...... cause the machines that are attacking are random.... and even if the do strike more than once, they cant do anything as long as you have the correct service pack updates..... but you can still see that they are attacking.....
I actually backtraced a few of the IPs that came to me with DoS attacks..and one came from some business in Texas, and one was from a Pacific Bell DNS server.
Others are just general users with servers set up im guessing.
tone wrote:Plus they might connect through proxy which will make their ip invisible.
Code Red only affects computers running IIS, the web server software from Micro$oft. It is very unlikely that people are serving web pages through a proxy because that can put a very heavy (and unnecessary) load on the proxy server.
tone wrote:Plus they might connect through proxy which will make their ip invisible.
Code Red only affects computers running IIS, the web server software from Micro$oft. It is very unlikely that people are serving web pages through a proxy because that can put a very heavy (and unnecessary) load on the proxy server.
Sorry
I wasnt thinking straight, i just assumed because he said he got a company's name in Virgina and he thought that it was fake so i thought proxy.
