Stan, I'm seeing this activity increasing on 2 of my internet facing networks right now. Has anyone captured a copy of this iteration? Just curious if this is a new verion? cheers, Dave ========================== David C. Lewis, CISSP Root Shell Security Canada ========================== ----- Original Message ----- From: "Stan Burditzman" <slidefx2at_private> To: <incidentsat_private> Sent: Tuesday, March 11, 2003 12:24 PM Subject: The Return of Code Red II? > > Is anyone else seeing traffic generated by Code Red II. I thought it wasn't > supposed to propagate after 10/01? Unfortunately I don't have the whole > string but here is the RealSecure Event. > > Event Name: HTTP_Code_Red_II > Date/Time: 2003/03/11 09:32:11 > Source Addr: 211.148.215.243 > Destination Addr: 161.xxx.xxx.xxx > Protocol Id: TCP(6) > URL: /default.ida > arg: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858% ucbd3%u7801% > > ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 12:40:30 PST