On Tue, 31 Jul 2001, Alfred Huger wrote:
> I realize that most of you have taken shelter and are awaiting the
> impending demise of the Internet as we know it. However for those of you
> stalwart bastions of courage who are still manning the ship in the face of
> this clear and present danger, I have a question. Anyone seeing Code Red
> activity yet?
My host with 2 IPs has seen so far exactly 1 probe that looks like the Code Red
attempts (v2, I presume) that I had seen many of on the 19th-20th of July.
Aug 1 11:09:42 io snort: IDS296/web-misc_http-whisker-splicing-attack-space: 194.133.117.220:3644 -> 209.9.230.110:80
Aug 1 11:09:43 io snort: IDS552/web-iis_IIS ISAPI Overflow ida: 194.133.117.220:3644 -> 209.9.230.110:80
Aug 1 11:09:43 io snort: IDS552/web-iis_IIS ISAPI Overflow ida: 194.133.117.220:3644 -> 209.9.230.110:80
Aug 1 11:09:43 io snort: IDS243/web-cgi_http-cgi-pipe: 194.133.117.220:3644 -> 209.9.230.110:80
Full log of 4 packets at http://88.net/~thomas/codered.txt
Times are UTC.
-thomas
--
Do what thou wilt shall be the whole of the Law.
-- Aleister Crowley
gpg: pub 1024D/81FD4B43 sub 4096g/BB6D2B11=>p.nu/d
2B72 53DB 8104 2041 BDB4 F053 4AE5 01DF 81FD 4B43
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Aug 01 2001
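
Added example, not part of the original post: a short triage script that parses the snort syslog lines quoted above and collapses alerts that share one TCP flow, so the four alerts count as the single probe the poster reports. Treating the IDS552 .ida overflow alert as the Code Red indicator is an assumption of this example, and the function names are hypothetical.

```python
import re
from collections import OrderedDict

# The four alert lines quoted in the post (syslog format, times UTC).
SAMPLE = """\
Aug 1 11:09:42 io snort: IDS296/web-misc_http-whisker-splicing-attack-space: 194.133.117.220:3644 -> 209.9.230.110:80
Aug 1 11:09:43 io snort: IDS552/web-iis_IIS ISAPI Overflow ida: 194.133.117.220:3644 -> 209.9.230.110:80
Aug 1 11:09:43 io snort: IDS552/web-iis_IIS ISAPI Overflow ida: 194.133.117.220:3644 -> 209.9.230.110:80
Aug 1 11:09:43 io snort: IDS243/web-cgi_http-cgi-pipe: 194.133.117.220:3644 -> 209.9.230.110:80
"""

# Assumption: the IDS552 ".ida" overflow alert marks a Code Red candidate.
IDA_SIG = "IDS552"

ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+snort:\s+"
    r"(?P<sig>IDS\d+)/(?P<name>.+?):\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)

def parse_alerts(text):
    """Return one dict per line that matches the snort syslog alert layout."""
    matches = (ALERT_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def group_probes(alerts):
    """Collapse alerts that share a TCP flow into a single probe record."""
    probes = OrderedDict()
    for a in alerts:
        flow = (a["src"], a["sport"], a["dst"], a["dport"])
        p = probes.setdefault(flow, {"first_seen": a["ts"], "alerts": 0, "sigs": []})
        p["alerts"] += 1
        if a["sig"] not in p["sigs"]:
            p["sigs"].append(a["sig"])
    return probes

def code_red_candidates(probes):
    """Flows on which the .ida overflow signature fired at least once."""
    return [flow for flow, p in probes.items() if IDA_SIG in p["sigs"]]

if __name__ == "__main__":
    probes = group_probes(parse_alerts(SAMPLE))
    for flow, p in probes.items():
        print("%s:%s -> %s:%s" % flow, p["first_seen"], p["alerts"], p["sigs"])
    print("candidates:", code_red_candidates(probes))
```

Counting flows rather than alert lines keeps one request that trips several signatures from being reported as several probes.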