Re: Code Red, anyone?

From: Ryan Russell (ryanat_private)
Date: Wed Aug 01 2001 - 08:46:18 PDT

    2001-08-01 15:03:54, 2002500, Suspicious URL, 210.63.234.152, ,
    v.v.v.v, , , 1,
    
    Strange, BlackICE Defender doesn't log timezone explicitly, I guess.  I'm
    PDT, and this was 8:03 A.M., so the log entry must be UTC.
    
    My first Code Red this week, on my home machine this morning.  I captured
    it, it's standard CRv2.
    
    As a side note, I had an e-mail from ISS last night that said they've got
    a new set of sigs for RealSecure, including the .ida overflow.  I imagine
    most ISS admins get the same mail, but just in case...
    
    						Ryan
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    