code red scan update

From: Kevin Holmquist (kevinhat_private)
Date: Wed Aug 01 2001 - 10:32:50 PDT

Next message: dave.goldsmithat_private: "Possible method to prevent spread of CodeRed and other similar wo rms"

Previous message: Ryan Russell: "Re: CodeRed Activity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Based on grepped weblogs, I've had two scans on my DSL network at home.

One was at 8:38am from 210.85.153.8, registered to a Cable modem ISP in Taiwan

Second was at 10:56am from 217.110.107.55, registered to a webcast group in Germany

All times US-MDT.  Registration information via www.ripe.net and www.apnic.net

both attempts had the GET /default.ida?NNNNNNN.... message.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: dave.goldsmithat_private: "Possible method to prevent spread of CodeRed and other similar wo rms"
Previous message: Ryan Russell: "Re: CodeRed Activity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 10:50:36 PDT