CodeRed

From: terminatorat_private
Date: Fri Jul 20 2001 - 12:40:47 PDT

  • Next message: Gary Flynn: "Re: Jetdirect card Attack???-Final from original poster" 

    -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We started receiving scans today, here is
what our Apache access and error logs showed:

Apache Access Log:
- ------------------
171.64.232.31 - - [19/Jul/2001:11:59:07 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
66.114.64.236 - - [19/Jul/2001:12:10:59 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
65.115.68.15 - - [19/Jul/2001:12:17:45 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
64.67.86.5 - - [19/Jul/2001:12:29:01 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
195.240.22.48 - - [19/Jul/2001:12:31:32 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
199.227.135.3 - - [19/Jul/2001:12:32:46 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
211.172.202.243 - - [19/Jul/2001:14:23:43 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
213.237.151.6 - - [19/Jul/2001:14:42:20 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
212.143.100.188 - - [19/Jul/2001:14:57:39 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
24.180.67.233 - - [19/Jul/2001:15:04:20 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
207.19.245.161 - - [19/Jul/2001:15:15:22 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
208.209.130.77 - - [19/Jul/2001:15:27:48 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
208.36.198.226 - - [19/Jul/2001:15:29:13 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
24.128.137.218 - - [19/Jul/2001:15:33:44 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
203.199.85.25 - - [19/Jul/2001:15:52:24 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
141.149.209.129 - - [19/Jul/2001:16:17:03 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
212.38.182.73 - - [19/Jul/2001:16:23:33 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
160.75.71.14 - - [19/Jul/2001:16:30:39 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
63.222.184.69 - - [19/Jul/2001:16:38:20 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
62.254.241.213 - - [19/Jul/2001:16:38:31 -0500] "-" 408 -
211.167.112.172 - - [19/Jul/2001:17:23:41 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
203.247.204.20 - - [19/Jul/2001:17:48:50 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
210.145.14.61 - - [19/Jul/2001:17:56:33 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
192.84.221.95 - - [19/Jul/2001:18:19:19 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
61.151.248.21 - - [19/Jul/2001:18:29:12 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
130.39.191.58 - - [19/Jul/2001:18:34:47 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
200.39.125.195 - - [19/Jul/2001:18:42:43 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
61.11.249.102 - - [19/Jul/2001:22:29:21 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN

Apache Error Log:
- -----------------
[Thu Jul 19 11:59:07 2001] [error] [client 171.64.232.31] Client sent
malformed Host header
[Thu Jul 19 12:10:59 2001] [error] [client 66.114.64.236] Client sent
malformed Host header
[Thu Jul 19 12:17:45 2001] [error] [client 65.115.68.15] Client sent
malformed Host header
[Thu Jul 19 12:29:01 2001] [error] [client 64.67.86.5] Client sent malformed
Host header
[Thu Jul 19 12:31:32 2001] [error] [client 195.240.22.48] Client sent
malformed Host header
[Thu Jul 19 12:32:46 2001] [error] [client 199.227.135.3] Client sent
malformed Host header
[Thu Jul 19 14:23:43 2001] [error] [client 211.172.202.243] Client sent
malformed Host header
[Thu Jul 19 14:42:20 2001] [error] [client 213.237.151.6] Client sent
malformed Host header
[Thu Jul 19 14:57:39 2001] [error] [client 212.143.100.188] Client sent
malformed Host header
[Thu Jul 19 15:04:20 2001] [error] [client 24.180.67.233] Client sent
malformed Host header
[Thu Jul 19 15:15:22 2001] [error] [client 207.19.245.161] Client sent
malformed Host header
[Thu Jul 19 15:27:48 2001] [error] [client 208.209.130.77] Client sent
malformed Host header
[Thu Jul 19 15:29:13 2001] [error] [client 208.36.198.226] Client sent
malformed Host header
[Thu Jul 19 15:33:44 2001] [error] [client 24.128.137.218] Client sent
malformed Host header
[Thu Jul 19 15:52:24 2001] [error] [client 203.199.85.25] Client sent
malformed Host header
[Thu Jul 19 16:17:03 2001] [error] [client 141.149.209.129] Client sent
malformed Host header
[Thu Jul 19 16:23:33 2001] [error] [client 212.38.182.73] Client sent
malformed Host header
[Thu Jul 19 16:30:39 2001] [error] [client 160.75.71.14] Client sent
malformed Host header
[Thu Jul 19 16:38:20 2001] [error] [client 63.222.184.69] Client sent
malformed Host header
[Thu Jul 19 17:23:41 2001] [error] [client 211.167.112.172] Client sent
malformed Host header
[Thu Jul 19 17:48:50 2001] [error] [client 203.247.204.20] Client sent
malformed Host header
[Thu Jul 19 17:56:33 2001] [error] [client 210.145.14.61] Client sent
malformed Host header
[Thu Jul 19 18:19:19 2001] [error] [client 192.84.221.95] Client sent
malformed Host header
[Thu Jul 19 18:29:12 2001] [error] [client 61.151.248.21] Client sent
malformed Host header
[Thu Jul 19 18:34:47 2001] [error] [client 130.39.191.58] Client sent
malformed Host header
[Thu Jul 19 18:42:43 2001] [error] [client 200.39.125.195] Client sent
malformed Host header
[Thu Jul 19 22:29:21 2001] [error] [client 61.11.249.102] Client sent
malformed Host header
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Made with pgp4pine 1.75-6

iEYEARECAAYFAjtYiUQACgkQF6Jgd5ZCDcRXxwCdHv/KBqZPxrhqC+iUHgYPT2tM
CKUAn03tEiudX3+C3ZVh1TO4Pg4E/3FB
=2aDA
-----END PGP SIGNATURE-----




----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

    This archive was generated by hypermail 2b30 : Sat Jul 21 2001 - 14:40:57 PDT