On Tue, 31 Jul 2001, Alfred Huger wrote:

> I realize that most of you have taken shelter and are awaiting the
> impending demise of the Internet as we know it. However for those of you
> stalwart bastions of courage who are still manning the ship in the face of
> this clear and present danger, I have a question. Anyone seeing Code Red
> activity yet?

my host with 2 IPs has seen so far exactly 1 probe that looks like the
code red attempts (v2 i presume) i had seen many of on the 19th-20th of
July.

Aug 1 11:09:42 io snort: IDS296/web-misc_http-whisker-splicing-attack-space: 194.133.117.220:3644 -> 209.9.230.110:80
Aug 1 11:09:43 io snort: IDS552/web-iis_IIS ISAPI Overflow ida: 194.133.117.220:3644 -> 209.9.230.110:80
Aug 1 11:09:43 io snort: IDS552/web-iis_IIS ISAPI Overflow ida: 194.133.117.220:3644 -> 209.9.230.110:80
Aug 1 11:09:43 io snort: IDS243/web-cgi_http-cgi-pipe: 194.133.117.220:3644 -> 209.9.230.110:80

full log of 4 packets at http://88.net/~thomas/codered.txt
times are UTC.

-thomas
--
Do what thou wilt shall be the whole of the Law. -- Aleister Crowley
gpg: pub 1024D/81FD4B43 sub 4096g/BB6D2B11=>p.nu/d
2B72 53DB 8104 2041 BDB4 F053 4AE5 01DF 81FD 4B43

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
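The four alert lines in the message share one source address, source port and destination, which is why they amount to a single probe. The following is an added example, not part of the original post: it parses Snort syslog alerts in the format quoted above and collapses them into one record per connection. The function names and the choice to flag connections by the `IDS552/` rule prefix are assumptions made for illustration.

```python
import re

# Constructed input: the four alert lines quoted in the message above.
SAMPLE_LOG = """\
Aug 1 11:09:42 io snort: IDS296/web-misc_http-whisker-splicing-attack-space: 194.133.117.220:3644 -> 209.9.230.110:80
Aug 1 11:09:43 io snort: IDS552/web-iis_IIS ISAPI Overflow ida: 194.133.117.220:3644 -> 209.9.230.110:80
Aug 1 11:09:43 io snort: IDS552/web-iis_IIS ISAPI Overflow ida: 194.133.117.220:3644 -> 209.9.230.110:80
Aug 1 11:09:43 io snort: IDS243/web-cgi_http-cgi-pipe: 194.133.117.220:3644 -> 209.9.230.110:80
"""

# Rule names may contain spaces, so the signature is everything up to the
# last ": " that is followed by "ip:port -> ip:port".
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+snort:\s+"
    r"(?P<sig>.+):\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)

# Assumption: the .ida ISAPI overflow rule (IDS552 in the lines above) is the
# alert that marks a connection as a candidate Code Red probe.
IDA_RULE_PREFIX = "IDS552/"

def parse_alerts(text):
    """Return one dict per well-formed alert line; other lines are skipped."""
    matches = (ALERT_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def group_probes(alerts):
    """Collapse alerts into one record per (src, sport, dst, dport) connection."""
    probes = {}
    for a in alerts:
        key = (a["src"], int(a["sport"]), a["dst"], int(a["dport"]))
        p = probes.setdefault(
            key, {"alerts": 0, "sigs": [], "first": a["ts"], "last": a["ts"]})
        p["alerts"] += 1
        p["last"] = a["ts"]  # syslog lines arrive in chronological order
        if a["sig"] not in p["sigs"]:
            p["sigs"].append(a["sig"])
    for p in probes.values():
        p["ida_overflow"] = any(s.startswith(IDA_RULE_PREFIX) for s in p["sigs"])
    return probes

if __name__ == "__main__":
    for key, p in group_probes(parse_alerts(SAMPLE_LOG)).items():
        print(key, p["alerts"], "alerts,", len(p["sigs"]), "rules,",
              "ida overflow" if p["ida_overflow"] else "other")
```

Counting connections rather than alert lines keeps per-source probe totals comparable between sensors that load different rule sets.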
This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 07:37:22 PDT