Re: Code Red gone to sleep?

From: hvdkooijat_private
Date: Thu Oct 04 2001 - 16:29:45 PDT

  • Next message: cambriaat_private: "Re: Code Red gone to sleep?"

    On Tue, 2 Oct 2001, Jay D. Dyson wrote:
    
    > 	We were discussing on the Early Bird Developers list that none of
    > us have seen any Code Red scans since September 30th.
    
    It seems CodeRed isn't dead yet. I just logged an access attempt to
    default.ida from a Korean machine that seem to be infected with some
    strand.
    
    The server reported on port 80:
    
    HTTP/1.1 200 OK
    Server: Microsoft-IIS/5.0
    Date: Sun, 10 Jun 2001 23:22:54 GMT
    Connection: Keep-Alive
    Content-Length: 1176
    Content-Type: text/html
    Set-Cookie: ASPSESSIONIDQGQGGCBC=PPDDCKGABGKGDBOKGDOCJELP; path=/
    Cache-control: private
    
    I was unable to understand a single character shown on the server.
    
    Hugo.
    
    PS: nimda seems to slow down a little bit.
    
    -- 
    All email send to me is bound to the rules described on my homepage.
        hvdkooijat_private		http://hvdkooij.xs4all.nl/
    	    Don't meddle in the affairs of sysadmins,
    	    for they are subtle and quick to anger.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 20:36:24 PDT