A FYI, I have yet to see anything in my logs. cheers Dean -----Original Message----- From: MVickat_private [mailto:MVickat_private] Sent: Wednesday, 25 July 2001 8:44 AM To: NT System Admin Issues Subject: New version of Code Red? Computer at 172.158.225.228 does the 80 GET /x.ida, followed by AAA... instead of NNN... Then comes back 25 minutes later with 80 GET /iisstart.asp and 80 GET /pagerror.gif 2001-07-23 11:05:32 172.158.255.228 - xxx.xxx.xxx.xxx 80 GET /x.ida AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=X 200 - 2001-07-23 11:30:06 172.158.255.228 - xxx.xxx.xxx.xxx 80 GET /iisstart.asp - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+98;+Win+9x+4.90) 2001-07-23 11:30:08 172.158.255.228 - xxx.xxx.xxx.xxx 80 GET /pagerror.gif - 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+98;+Win+9x+4.90) And nslookup reports.... C:\>nslookup 172.158.255.228 Server: xxxx.xxxxx.xxx Address: xxx.xxx.xxx.xxx Name: AC9EFFE4.ipt.aol.com Address: 172.158.255.228 Michael Vick *************************************************** This e-mail is not an official statement of the Waikato Regional Council unless otherwise stated. Visit our website http://www.ew.govt.nz *************************************************** ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 15:11:40 PDT