Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

high number of code red events
From: Marcelo Bartsch <mbartsch () netglobalis net>
Date: 03 Oct 2002 17:09:53 -0400
Hello,
        has enyone notice a incresing number of code red attacks, but, coming
from the same ip address to the same ip address. my ids detect at least
20 to 30 attacks to the same ip from the same ip, using variants of
codered and coderedv2 is only to my or has this been seen on other
places?

P.D.: sorry for my bad english.

33 XXX.YYY.ZZZ.52
        Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)

-- 
   Marcelo Bartsch
mbartsch () netglobalis net
  www.netglobalis.net

PGP Fingerprint : 
877E 3A56 F523 B44A 3260  8F83 8916 E158 6100 F721


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]