[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] [RaQ4] The main web server appears to be down
- Subject: RE: [cobalt-users] [RaQ4] The main web server appears to be down
- From: "Jay Fesco" <jay@xxxxxxxxxxxx>
- Date: Wed Sep 12 19:47:46 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> We found a lot of messages like this;
>
> www.domain.com 193.98.32.211 - - [10/Sep/2001:07:53:30 +0200] "GET
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXX
> XXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6
> 858%ucbd3%
> u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> HTTP/1.0" 302 623 "-" "-"
>
That's a Code Red attack. It's also a red herring in your case.
Jay Fesco