Code Red Scan

From: Jonathan Rickman (jonathanat_private)
Date: Wed Aug 01 2001 - 09:51:42 PDT

Next message: Richard.Grevisat_private: "Re: Code Red, anyone? now DOS threat ;-)"

Previous message: Pat Moffitt: "RE: CRv3? Or some other ida type"
Next in thread: Richard Bradford: "RE: Code Red Scan"
Reply: Richard Bradford: "RE: Code Red Scan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Please take the following information for action...

Log entry from www.xcorps.net:
==============================

64.173.141.242 - - [01/Aug/2001:12:43:49 -0400] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u780
1%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%
u0000%u00=a HTTP/1.0" 400 252

==============================

Offender:
=========

adsl-64-173-141-242.dsl.snfc21.pacbell.net

=========


Information on the Code Red Worm can be obtained by sending email to:

code-redat_private


Thank you for your prompt attention to this matter...

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Richard.Grevisat_private: "Re: Code Red, anyone? now DOS threat ;-)"
Previous message: Pat Moffitt: "RE: CRv3? Or some other ida type"
Next in thread: Richard Bradford: "RE: Code Red Scan"
Reply: Richard Bradford: "RE: Code Red Scan"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 10:09:47 PDT