high number of code red events

From: Marcelo Bartsch (mbartschat_private)
Date: Thu Oct 03 2002 - 14:09:53 PDT

  • Next message: Robinson, Sonja: "RE: maybe a simple problem" 

    Hello,
	has enyone notice a incresing number of code red attacks, but, coming
from the same ip address to the same ip address. my ids detect at least
20 to 30 attacks to the same ip from the same ip, using variants of
codered and coderedv2 is only to my or has this been seen on other
places?

P.D.: sorry for my bad english.

33 XXX.YYY.ZZZ.52
        Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)

-- 
   Marcelo Bartsch
mbartschat_private
  www.netglobalis.net

PGP Fingerprint : 
877E 3A56 F523 B44A 3260  8F83 8916 E158 6100 F721


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

    This archive was generated by hypermail 2b30 : Thu Oct 03 2002 - 23:22:19 PDT