[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: WHAT IT MEAN
- From: Anth Courtney <anth pnc com au>
- To: redhat-list redhat com
- Subject: Re: WHAT IT MEAN
- Date: Tue, 11 Sep 2001 17:55:27 +1000
It's the Code Red worm by the looks of it.
cheers,
Anth
Jan Albrecht bertelsmann de wrote:
>
> Hi,
>
> seems to a be a try of a buffer overflow.
>
> Kind regards
>
> Jan Albrecht
>
> --
> Jan Albrecht Phone: +49-5241-80-88404
> System Consultant UNIX/NT Fax: +49-5241-80-688404
> Bertelsmann mediaSystems NMI-DC mobile: +49-172-2978914
> An der Autobahn
> 33311 Gütersloh mailto:jan albrecht bertelsmann de
> Germany
>
> > -----Original Message-----
> > From: Alessandro Coppelli [mailto:coppelli dsea unipi it]
> > Sent: Tuesday, September 11, 2001 9:25 AM
> > To: redhat-list redhat com
> > Subject: WHAT IT MEAN
> >
> >
> >
> > What it mean ? Is it an intrusion ?
> > =================================0
> > 131.238.225.34 - - [07/Sep/2001:13:02:26 +0200] "-" 408 -
> > 131.115.231.62 - - [07/Sep/2001:15:59:53 +0200] "-" 408 -
> > 202.128.139.105 - - [07/Sep/2001:16:32:41 +0200] "-" 408 -
> > 211.230.87.30 - - [07/Sep/2001:22:15:35 +0200] "-" 408 -
> > 172.189.91.93 - - [08/Sep/2001:00:28:24 +0200] "-" 408 -
> > 172.144.211.217 - - [08/Sep/2001:01:25:49 +0200] "GET
> > /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX>
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858
> > %ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u
> > 9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> > HTTP/1.0" 404 280
> > 61.13.210.188 - - [10/Sep/2001:10:19:54 +0200] "GET
> > /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX>
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858
> > %ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u
> > 9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> > HTTP/1.0" 404 280
> > 213.194.96.29 - - [10/Sep/2001:12:34:42 +0200] "-" 408 -
> > 61.134.176.189 - - [10/Sep/2001:12:38:03 +0200] "-" 408 -
> > 131.107.78.108 - - [10/Sep/2001:14:35:13 +0200] "-" 408 -
> > 61.183.121.70 - - [10/Sep/2001:14:56:57 +0200] "-" 408 -
> > 24.101.169.90 - - [10/Sep/2001:19:43:47 +0200] "-" 408 -
> > 131.194.131.79 - - [10/Sep/2001:19:47:20 +0200] "-" 408 -
> > 172.182.159.150 - - [11/Sep/2001:03:50:43 +0200] "GET
> > /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX>
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858
> > %ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u
> > 9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> > HTTP/1.0" 404 280
> > 159.226.187.92 - - [11/Sep/2001:05:19:45 +0200] "GET
> http://www.s3.com/
> HTTP/1.1" 200 13726
> 62.227.232.74 - - [11/Sep/2001:05:55:38 +0200] "-" 408 -
>
> _______________________________________________
> Redhat-list mailing list
> Redhat-list redhat com
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
> _______________________________________________
> Redhat-list mailing list
> Redhat-list redhat com
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
> SCANNED BY PENICILLIN http://penicillin.pnc.com.au/
--
--------------------------------------------------------
Anth Courtney - Systems Administrator / Programmer
anth pnc com au - PLANET NETCOM - www.pnc.com.au
Your mouse has moved.
Windows will now restart so this change can take effect.
--------------------------------------------------------
SCANNED BY PENICILLIN http://penicillin.pnc.com.au/
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]