On Tue, 2 Oct 2001, Jay D. Dyson wrote:
> We were discussing on the Early Bird Developers list that none of
> us have seen any Code Red scans since September 30th.
It seems CodeRed isn't dead yet. I just logged an access attempt to
default.ida from a Korean machine that seem to be infected with some
strand.
The server reported on port 80:
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sun, 10 Jun 2001 23:22:54 GMT
Connection: Keep-Alive
Content-Length: 1176
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQGQGGCBC=PPDDCKGABGKGDBOKGDOCJELP; path=/
Cache-control: private
I was unable to understand a single character shown on the server.
Hugo.
PS: nimda seems to slow down a little bit.
--
All email send to me is bound to the rules described on my homepage.
hvdkooijat_private http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 20:36:24 PDT