Security Incidents mailing list archives
Re: Code Red gone to sleep?
From: hvdkooij () vanderkooij org
Date: Fri, 5 Oct 2001 01:29:45 +0200 (CEST)
On Tue, 2 Oct 2001, Jay D. Dyson wrote:
We were discussing on the Early Bird Developers list that none of us have seen any Code Red scans since September 30th.
It seems CodeRed isn't dead yet. I just logged an access attempt to default.ida from a Korean machine that seem to be infected with some strand. The server reported on port 80: HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Sun, 10 Jun 2001 23:22:54 GMT Connection: Keep-Alive Content-Length: 1176 Content-Type: text/html Set-Cookie: ASPSESSIONIDQGQGGCBC=PPDDCKGABGKGDBOKGDOCJELP; path=/ Cache-control: private I was unable to understand a single character shown on the server. Hugo. PS: nimda seems to slow down a little bit. -- All email send to me is bound to the rules described on my homepage. hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of sysadmins, for they are subtle and quick to anger. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Code Red gone to sleep? Jay D. Dyson (Oct 02)
- Re: Code Red gone to sleep? Ryan Russell (Oct 02)
- Re: Code Red gone to sleep? Kath (Oct 02)
- Re: Code Red gone to sleep? cambria (Oct 02)
- Re: Code Red gone to sleep? Andreas Östling (Oct 03)
- Re: Code Red gone to sleep? hvdkooij (Oct 04)
- Re: Code Red gone to sleep? cambria (Oct 05)