Re: [NTLK] [OT] Help with my site

From: Eric L. Strobel (fyzycyst_at_comcast.net)
Date: Fri Jun 14 2002 - 09:05:51 EDT


on 6/14/02 12:59 AM, Laurent Daudelin at nemesys_at_cox.net wrote:

>
> I never checked it before, I think, since I didn't think about having a web
> server that I could reference by its IP address. So, I also have the regular
> kind of blinking on my cable modem. Is this related to the Code Red virus?
> How?
>
AFAIK, Code Red (and Nimda) work by polling IP addresses to find a
vulnerable (i.e., Microsoft) server. When such a server is found, the nasty
critter assimilates that server into its evil propagation. When these
beasties first came out, the activity light on my cable modem was almost
continuously illuminated from the myriad of infected servers all seeking to
spread the virus/worm. Now, I suspect a certain amount of traffic is a
normal 'overhead' of activity, but the degree to which it's still going on
makes me think that there's some folks who STILL haven't applied the MS
patches. In fact, it's possible that they're INTERNAL to your cable
provider's network, i.e., the guy down the street. After all, pretty much
all the providers have taken some action to shut off the Code Red traffic
coming in from the outside, but the within-network traffic doesn't go
through their filters.

> When I'm home, I don't have any problem accessing my web server through
> DynDNS service, so I know that the server is properly configured. And with
> Personal Web Sharing under OS 9, it's hard to have a bad configuration.
> Anyway, I'm more thinking that Cox somehow filters out those HTTP requests
> somehow, but I'm not an HTML expert, so I could be wrong...
>

When you're home, is it possible that somewhere along the line, the name
resolution has been cached? That way, when you're at home, the request may
never leave the Cox network and so never appear to be coming from DynDNS.

Just to add another fly in the ointment... Even though your IP may be
'dynamic', it's not unusual for your machine to be located at the same IP
for months and months. AFAIK, the only time it can change is when you reset
or cycle power on your cable modem. But if you're not off for very long,
you're very likely to get the same IP back. So... Did you have your cable
modem off for a relatively long time recently?

All in all, though, I'd say it's most likely that you've simply fallen
victim to Cox cracking down on folks running servers.

- Eric.

-- 

Eric Strobel (fyzycyst_at_NOSPAM^mailaps.org)

=====================================================================
If aviation had grown as slowly as space travel, the first paying
customer would have flown in 1943 -- in the 1,657th expendable Wright Flyer.
=====================================================================

--
Read the List FAQ/Etiquette: http://www.newtontalk.net/faq.html
Read the Newton FAQ: http://www.guns-media.com/mirrors/newton/faq/
This is the NewtonTalk mailing list - http://www.newtontalk.net


