nanog mailing list archives

Re: New Virus in the wild

From: Gadi Evron <ge () linuxbox org>
Date: Mon, 17 Jan 2005 19:44:37 +0200


Nils Ketelsen wrote:

We see a lot of requests of the following format in our proxy logs:

1105979310.010 240001 10.3.12.211 TCP_MISS/504
1458 GET http://84.120.14.236:25204/2005/1/17/11/23/32/ - NONE/- text/html
1105979314.020 240009 10.3.12.211 TCP_MISS/504
1458 GET http://67.171.84.104:25238/2005/1/17/11/23/41/ - NONE/- text/html
1105979316.077 240068 10.3.12.211 TCP_MISS/504
1460 GET http://213.188.227.50:25401/2005/1/17/11/23/43/ - NONE/- text/html

A very important question would be: do you see these URL's onANY-HOST/permutation or SPECIFIC-HOSTS/permutation?


        Gadi.

Current thread:

New Virus in the wild Nils Ketelsen (Jan 17)
- Re: New Virus in the wild Gadi Evron (Jan 17)
  - Re: New Virus in the wild Nils Ketelsen (Jan 17)
    - Re: New Virus in the wild Gadi Evron (Jan 17)
    - Re: New Virus in the wild Gadi Evron (Jan 17)
    - Re: New Virus in the wild Gadi Evron (Jan 19)
    - Re: New Virus in the wild Gadi Evron (Jan 19)
    - Re: New Virus in the wild Nils Ketelsen (Jan 19)
    - Re: New Virus in the wild Jason Frisvold (Jan 19)