New version of Code Red?

From: Dean Cunningham (Dean.Cunninghamat_private)
Date: Tue Jul 24 2001 - 15:02:25 PDT

  • Next message: Jim Forster: "Re: New version of Code Red?"

    A FYI, I have yet to see anything in my logs.
    
    cheers
    Dean
    
    
    -----Original Message-----
    From: MVickat_private [mailto:MVickat_private] 
    Sent: Wednesday, 25 July 2001 8:44 AM
    To: NT System Admin Issues
    Subject: New version of Code Red?
    
    
    Computer at 172.158.225.228 does the 80 GET /x.ida, followed by AAA...
    instead of NNN...
    Then comes back 25 minutes later with 80 GET /iisstart.asp and 80 GET
    /pagerror.gif
    
    
    2001-07-23 11:05:32 172.158.255.228 - xxx.xxx.xxx.xxx 80 GET /x.ida
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=X
    
    200 -
    
    2001-07-23 11:30:06 172.158.255.228 - xxx.xxx.xxx.xxx 80 GET /iisstart.asp
    - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+98;+Win+9x+4.90)
    
    2001-07-23 11:30:08 172.158.255.228 - xxx.xxx.xxx.xxx 80 GET /pagerror.gif
    - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+98;+Win+9x+4.90)
    
    
    And nslookup reports....
    
    
    C:\>nslookup 172.158.255.228
    Server:  xxxx.xxxxx.xxx
    Address:  xxx.xxx.xxx.xxx
    
    Name:    AC9EFFE4.ipt.aol.com
    Address:  172.158.255.228
    
    
    
    Michael Vick
    
    ***************************************************
    This e-mail is  not an  official  statement of  the
    Waikato  Regional  Council unless otherwise stated.
    Visit our website http://www.ew.govt.nz
    ***************************************************
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 15:11:40 PDT