From owner-FreeBSD-users-jp@jp.freebsd.org  Thu Aug  2 11:08:58 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id LAA95042;
	Thu, 2 Aug 2001 11:08:58 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from mgate05.so-net.ne.jp (mgate05.so-net.ne.jp [210.139.254.152])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id LAA95037
	for <FreeBSD-users-jp@jp.freebsd.org>; Thu, 2 Aug 2001 11:08:57 +0900 (JST)
	(envelope-from mizo@grf-design.com)
Received: from mail.ca2.so-net.ne.jp (mspool12.so-net.ne.jp [210.139.248.12])
	by mgate05.so-net.ne.jp (8.8.8+3.0Wbeta9/3.6W01060506) with ESMTP id LAA04485
	for <FreeBSD-users-jp@jp.freebsd.org>; Thu, 2 Aug 2001 11:08:57 +0900 (JST)
Received: from 192.168.0.100 (p78a44f.chibnt01.ap.so-net.ne.jp [61.120.164.79])
	by mail.ca2.so-net.ne.jp  with ESMTP id f7228uf29598
	for <FreeBSD-users-jp@jp.freebsd.org>; Thu, 2 Aug 2001 11:08:56 +0900 (JST)
Message-ID: <20010802020856.20323@mail.ca2.so-net.ne.jp>
From: mizohata <mizo@grf-design.com>
To: FreeBSD-users-jp@jp.freebsd.org
Date: Thu, 2 Aug 2001 11:08:56 +0900
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-Mailer: ARENA Internet Mailer 2.0.1 PPC
X-Priority: 3
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: FreeBSD-users-jp 63388
Subject: [FreeBSD-users-jp 63388] [Q] how can we deny "code red" attack?
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: mizo@grf-design.com

$B!!9BH*$G$9!#(B

I was casually looking through the httpd log and found a lot of strange
errors.

a.b.c.d - - [02/Aug/2001:10:29:59 +0900] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858
%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u
53ff%u0078%u0000%u00=a  HTTP/1.0" 400 327 "-" "-"

$B!!Ip;N$N>p$1!)$GH/9T85(B IP $B$O1#$7$^$7$?$,!"$3$l0J30$K$b$6$C$H8+$?$@$1$G(B
 30 $B0J>e!"$_$s$J$3$N(B GET $B$rH/9T$7$F$$$^$9!#:G8e$NE[$O(B IP $B$b$*$+$7$+$C(B
$B$?$N$GD4$Y$F$_$k$H!"F2!9$H%5%$%H$,B8:_$7$F$$$k!"0l$D8+$F$d$m$&!"$H;W$C(B
$B$?$i!&!&!&!&$I$3$+$G8+$?$3$H$"$k$J$!!&!&!&$J$s$F!#(B

$B!!$*$=$i$/(B code red worm $B$K$d$i$l$?%5%$%HC#$H$K$i$s$@$N$G$9$,$I$&$G$7(B
$B$g$&!)#87n#1F|0J9_$KMh$F$k$7!#(B

There is no real damage, but the log keeps growing and it is a nuisance,
so I would like to block the people who come trying to GET with
default.ida?. Is there a good way to do that?

$B!!$h$m$7$/$*4j$$$7$^$9!#(B

$B!!$G$o(B


     "..loaded on the road.."
  $B9BH*(B  $B9M;K(B : mizohata takashi
