Anyone know what this is? A new anti code red?

--red0x

---------- Forwarded Message ----------

Subject: ACID Incident Report
Date: Mon, 27 Aug 2001 19:27:31 -0700
From: nobody <nobodyat_private-ip.com>
To: red0xat_private

Generated by ACID v0.9.6b12 on Mon August 27, 2001 19:27:29

----------------------------------------------------------------------------

#(3 - 1458) [2001-08-25 02:36:14] [arachNIDS/298] WEB-MISC http directory traversal
IPv4: 64.129.66.101 -> 192.168.1.102
      hlen=5 TOS=0 dlen=328 ID=7527 flags=0 offset=0 TTL=48 chksum=59220
TCP:  port=2339 -> dport: 80  flags=***AP*** seq=3435210468
      ack=3333548136 off=8 res=0 win=32120 urp=0 chksum=47223
      Options:
       #1 - NOP len=0
       #2 - NOP len=0
       #3 - TS len=10 data=04E8598301BE66BC4745
Payload:  length = 258

000 : 47 45 54 20 2F 53 63 72 69 70 74 73 2F 72 6F 6F   GET /Scripts/roo
010 : 74 2E 65 78 65 3F 2F 63 2B 65 63 68 6F 2B 70 6C   t.exe?/c+echo+pl
020 : 65 61 73 65 2B 70 61 74 63 68 2B 79 6F 75 72 2B   ease+patch+your+
030 : 73 79 73 74 65 6D 2E 2B 73 65 65 2B 68 74 74 70   system.+see+http
040 : 3A 2F 2F 77 77 77 2E 6D 69 63 72 6F 73 6F 66 74   ://www.microsoft
050 : 2E 63 6F 6D 2F 74 65 63 68 6E 65 74 2F 69 74 73   .com/technet/its
060 : 6F 6C 75 74 69 6F 6E 73 2F 73 65 63 75 72 69 74   olutions/securit
070 : 79 2F 74 6F 70 69 63 73 2F 63 6F 64 65 61 6C 72   y/topics/codealr
080 : 74 2E 61 73 70 3E 2E 2E 5C 2E 2E 5C 44 6F 63 75   t.asp>..\..\Docu
090 : 6D 65 7E 31 5C 41 6C 6C 55 73 65 7E 31 5C 44 65   me~1\AllUse~1\De
0a0 : 73 6B 74 6F 70 5C 59 4F 55 5F 48 41 56 45 5F 54   sktop\YOU_HAVE_T
0b0 : 48 45 5F 43 4F 44 45 5F 52 45 44 5F 57 4F 52 4D   HE_CODE_RED_WORM
0c0 : 2E 54 58 54 20 48 54 54 50 2F 31 2E 30 0D 0A 55   .TXT HTTP/1.0..U
0d0 : 73 65 72 2D 41 67 65 6E 74 3A 20 2D 0D 0A 48 6F   ser-Agent: -..Ho
0e0 : 73 74 3A 20 36 34 2E 31 36 37 2E 32 33 36 2E 36   st: 64.167.236.6
0f0 : 31 0D 0A 41 63 63 65 70 74 3A 20 2A 2F 2A 0D 0A   1..Accept: */*..
100 : 0D 0A                                             ..
-------------------------------------------------------

--
--red0x

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com