Message-ID: <3B68BD90.2DC3918F@jaif.or.jp>
Date: Thu, 02 Aug 2001 11:40:16 +0900
From: "Kentaro Hatori (hatochan)" <hatori@jaif.or.jp>
To: FreeBSD-users-jp@jp.freebsd.org
References: <20010802020856.20323@mail.ca2.so-net.ne.jp>
Subject: [FreeBSD-users-jp 63392] Re: [Q] how can we deny "code red" attack?

$B$O$H$A$c$s!w(BLinux$B$KIb5$Cf$G$9(B($B$I$&$b$9$$$^$;$s(B)

IPA$B$N(B8$B7n(B1$BF|$^$G$KBP=h$r!V(BCode Red $B%o!<%`$K4X$9$k>pJs!W(B($B0J2<(BURL)$B$K(B
$B$"$k$H$*$j$K!"$^$.$l$b$J$/(BCode Red$B$G$9$M!#(B

http://www.ipa.go.jp/security/ciadr/vul/20010727codered.html

Even if there is no real damage, having that kind of footprint left behind is
not a very pleasant feeling. Hmm, isn't the log swelling up real damage as well?
I think it would be good to let the other parties know that they have been hit.

Being a nosy auntie at heart, I am very curious about which sites are spreading it,
but I suppose this is where I have to restrain myself...

mizohata wrote:
> 
> $B!!9BH*$G$9!#(B
> 
> I was casually looking through the httpd log and found a lot of strange errors.
> 
> a.b.c.d - - [02/Aug/2001:10:29:59 +0900] "GET/default.ida?NNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858
> %ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u
> 53ff%u0078%u0000%u00=a  HTTP/1.0" 400 327 "-" "-"
> 
> Out of a samurai's mercy(?) I have hidden the source IP, but from just a quick
> look there are more than 30 others, all issuing this same GET. The last one's
> IP also looked odd, so I looked it up and found that a site openly exists there.
> I thought I would take a look at it, and then... I felt I had seen it somewhere before...
> 
> $B!!$*$=$i$/(B code red worm $B$K$d$i$l$?%5%$%HC#$H$K$i$s$@$N$G$9$,$I$&$G$7(B
> $B$g$&!)#87n#1F|0J9_$KMh$F$k$7!#(B
> 
> There is no real damage, but the log keeps bloating and it is a nuisance, so
> I would like to block the ones that try to GET default.ida?.
> Is there a good way to do that?
> 
> $B!!$h$m$7$/$*4j$$$7$^$9!#(B
-- 
Kentaro Hatori (hatochan)
mailto:hatori@jaif.or.jp for an usual mail
mailto:khatori@pdx.ne.jp for an urgent mail
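
The thread raises two practical needs: keeping these requests from bloating the httpd log, and knowing which hosts sent them so their owners can be told. The following is an added example, not code from either poster. `triage`, `SAMPLE` and the addresses are illustrative, and matching any single repeated letter (not only the `N` quoted above) is an assumption that generalizes the quoted request.

```python
import re
from collections import Counter

# Common/combined log format: host ident user [time] "request" status ...
LINE_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>.*?)" \d{3} ')
# Shape of the request quoted in the thread: GET for default.ida, a query
# that starts with 20+ copies of one letter, then %uXXXX escapes. The space
# after GET is optional because the quoted log line shows none.
PROBE_RE = re.compile(
    r'^GET\s*/(?i:default\.ida)\?(?P<fill>[A-Za-z])(?P=fill){19,}'
    r'(?:%u[0-9a-fA-F]{4})+')

def triage(lines):
    """Split log lines into (probe count per source host, remaining lines)."""
    hits, rest = Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if m and PROBE_RE.match(m.group("req")):
            hits[m.group("host")] += 1
        else:
            rest.append(line)  # unparseable lines are kept, never dropped
    return hits, rest

# Constructed sample input: documentation addresses and a shortened query
# built from values visible in the quoted log line.
_PROBE = "default.ida?" + "N" * 224 + "%u9090%u6858%ucbd3%u7801%u00=a  HTTP/1.0"
_TAIL = '" 400 327 "-" "-"'
SAMPLE = [
    '192.0.2.10 - - [02/Aug/2001:10:29:59 +0900] "GET /' + _PROBE + _TAIL,
    '192.0.2.10 - - [02/Aug/2001:10:41:07 +0900] "GET /' + _PROBE + _TAIL,
    '198.51.100.7 - - [02/Aug/2001:10:42:30 +0900] "GET/' + _PROBE + _TAIL,
    '203.0.113.5 - - [02/Aug/2001:10:43:00 +0900] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
    # Benign lookalike: same path, ordinary query string.
    '203.0.113.5 - - [02/Aug/2001:10:43:02 +0900] "GET /default.ida?page=2 HTTP/1.0" 404 210 "-" "-"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    hits, rest = triage(SAMPLE)
    for host, count in hits.most_common():
        print(f"{host}\t{count} probe(s)")
    print(f"{len(rest)} line(s) left for the normal log")
```

The per-host counts give the list of sources to notify, and the remaining lines are what a filtered log would keep.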
