Re: The Return of Code Red II?

From: Peter Kruse (kruseat_private)
Date: Tue Mar 11 2003 - 10:52:58 PST

    Hi,
    
    I can confirm this. I've had several hits since yesterday.
    
    Kind regards
    
    Peter Kruse
    Kruse Security
    Email: kruseat_private
    http://www.krusesecurity.dk
    
    
    > -----Original message-----
    > From: Stan Burditzman [mailto:slidefx2at_private] 
    > Sent: 11 March 2003 18:24
    > To: incidentsat_private
    > Subject: The Return of Code Red II?
    > 
    > 
    > 
    > Is anyone else seeing traffic generated by Code Red II?  I thought it
    > wasn't supposed to propagate after 10/01?  Unfortunately I don't have
    > the whole string but here is the RealSecure Event.
    > 
    > Event Name:	HTTP_Code_Red_II
    > Date/Time:	2003/03/11 09:32:11
    > Source Addr:	211.148.215.243
    > Destination Addr:	161.xxx.xxx.xxx
    > Protocol Id:	TCP(6)
    > URL:	/default.ida
    > arg:	
    > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%
    > 
    > 



    This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 12:50:57 PST