Security Incidents mailing list archives
Re: Code Red, anyone?
From: thomas lakofski <thomas () 88 net>
Date: Wed, 1 Aug 2001 13:38:33 +0100 (BST)
On Tue, 31 Jul 2001, Alfred Huger wrote:
I realize that most of you have taken shelter and are awaiting the impending demise of the Internet as we know it. However for those of you stalwart bastions of courage who are still manning the ship in the face of this clear and present danger, I have a question. Anyone seeing Code Red activity yet?
my host with 2 IPs has seen so far exactly 1 probe that looks like the code red attempts (v2 i presume) i had seen many of on the 19th-20th of July. Aug 1 11:09:42 io snort: IDS296/web-misc_http-whisker-splicing-attack-space: 194.133.117.220:3644 -> 209.9.230.110:80 Aug 1 11:09:43 io snort: IDS552/web-iis_IIS ISAPI Overflow ida: 194.133.117.220:3644 -> 209.9.230.110:80 Aug 1 11:09:43 io snort: IDS552/web-iis_IIS ISAPI Overflow ida: 194.133.117.220:3644 -> 209.9.230.110:80 Aug 1 11:09:43 io snort: IDS243/web-cgi_http-cgi-pipe: 194.133.117.220:3644 -> 209.9.230.110:80 full log of 4 packets at http://88.net/~thomas/codered.txt times are UTC. -thomas -- Do what thou wilt shall be the whole of the Law. -- Aleister Crowley gpg: pub 1024D/81FD4B43 sub 4096g/BB6D2B11=>p.nu/d 2B72 53DB 8104 2041 BDB4 F053 4AE5 01DF 81FD 4B43 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Code Red, anyone? Alfred Huger (Jul 31)
- Code Red, anyone? Russell Fulton (Jul 31)
- Re: Code Red, anyone? Glenn Forbes Fleming Larratt (Jul 31)
- Re: Code Red, anyone? Michael Sullenszino (Aug 01)
- Re: Code Red, anyone? S. Staniford (Jul 31)
- Re: Code Red, anyone? Joseph Nicholas Yarbrough (Aug 01)
- Re: Code Red, anyone? thomas lakofski (Aug 01)
- RE: Code Red, anyone? Coen Bongers (Aug 01)
- Re: Code Red, anyone? Ryan Russell (Aug 01)
- Re: Code Red, anyone? Kman (Aug 01)
- <Possible follow-ups>
- Re: Code Red, anyone? Ken Eichman (Aug 01)
- unsubscribe me please Christophe Bernigaud (Aug 01)
- RE: Code Red, anyone? Information Security (Aug 01)
- RE: Code Red, anyone? Chip McClure (Aug 01)
- RE: Code Red, anyone? Jürgen Nieveler (Aug 01)
- Re: Code Red, anyone? Seth Arnold (Aug 01)
- Re: Code Red, anyone? Pat Wilson (Aug 01)
(Thread continues...)