Other China Hack Attempts Concurrent With Code Red

From: David E. Weekly (dweeklyat_private)
Date: Thu Jul 19 2001 - 21:03:06 PDT

Next message: Ryan Russell: "Re: CodeRed"

Previous message: Kheos ml: "Re: .ida Intrusion Attempt"
In reply to: Ryan Russell: "Re: HTTP connections"
Next in thread: Lindsay: "RE: HTTP connections"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've seen 58 hosts attempt to access default.ida with an overflow string on
my box. I've had several other attempts, though, that seem to be hand-done,
including several FTP logins and an attempt to send the GET strings "^D^A"
and "^E^A^B" to my webserver (Apache). Any ideas what the latter might be?

-david





----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

Next message: Ryan Russell: "Re: CodeRed"
Previous message: Kheos ml: "Re: .ida Intrusion Attempt"
In reply to: Ryan Russell: "Re: HTTP connections"
Next in thread: Lindsay: "RE: HTTP connections"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 23:36:50 PDT