Security Incidents mailing list archives
code red.. one funny detail
From: "B." <ouwerkerk92 () zonnet nl>
Date: Thu, 02 Aug 2001 00:39:17 +0200
Hi,

Found a few new ones in my logfiles.. Used grep.. What really is interesting is this:

e0.filt2.davidson.tn.ena.net - - [01/Aug/2001:22:47:12 +0200]
e0.filt2.davidson.tn.ena.net - - [01/Aug/2001:22:48:07 +0200]

It tried two times from the same IP to the same IP.. Did the first request time out?? Is it a mutant.. dunno.. It is a fact that the same IP tried it twice.. within less than one minute.

I'll keep the original logfiles.. just in case.. Any other double below is caused by the fact that this box contains multiple IPs.. I don't think any double would appear..
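The repeat-within-a-minute check described in the post can be automated over grep output. The following is an added example, not part of the original message: the host names, the sample lines and the 60-second window are constructed, and it groups by source only, since the excerpted lines carry no destination field.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the truncated "host - - [timestamp]" form used in the post.
SAMPLE_LOG = """\
scanner-a.example.net - - [01/Aug/2001:22:47:12 +0200]
scanner-b.example.org - - [01/Aug/2001:22:47:40 +0200]
scanner-a.example.net - - [01/Aug/2001:22:48:07 +0200]
192.0.2.15 - - [01/Aug/2001:20:07:15 +0200]
192.0.2.15 - - [01/Aug/2001:23:19:18 +0200]
not a log line
"""

LINE_RE = re.compile(r"^(\S+) \S+ \S+ \[([^\]]+)\]")
TIME_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_hits(text):
    """Yield (source, datetime) for each line that starts like Common Log Format."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything grep let through that is not a log entry
        try:
            when = datetime.strptime(m.group(2), TIME_FORMAT)
        except ValueError:
            continue  # malformed timestamp
        yield m.group(1), when


def repeats_within(text, window=timedelta(seconds=60)):
    """Return {source: [(first, second), ...]} for consecutive hits inside the window."""
    by_source = defaultdict(list)
    for source, when in parse_hits(text):
        by_source[source].append(when)
    found = {}
    for source, times in by_source.items():
        times.sort()  # grep output across several files is not guaranteed to be ordered
        pairs = [(a, b) for a, b in zip(times, times[1:]) if b - a <= window]
        if pairs:
            found[source] = pairs
    return found


if __name__ == "__main__":
    for source, pairs in repeats_within(SAMPLE_LOG).items():
        for first, second in pairs:
            gap = int((second - first).total_seconds())
            print(f"{source}: {first.isoformat()} -> {second.isoformat()} ({gap}s apart)")
```

On a box with several IPs, run it per virtual-host log so that one probe recorded against two addresses is not counted as a repeat.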