Security Incidents mailing list archives

Other China Hack Attempts Concurrent With Code Red

From: "David E. Weekly" <dweekly () legato com>
Date: Thu, 19 Jul 2001 21:03:06 -0700

I've seen 58 hosts attempt to access default.ida with an overflow string on
my box. I've had several other attempts, though, that seem to be hand-done,
including several FTP logins and an attempt to send the GET strings "^D^A"
and "^E^A^B" to my webserver (Apache). Any ideas what the latter might be?

-david





----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

Current thread:

HTTP connections Gillard, Paul (Jul 19)
- Re: HTTP connections Chris Freeze (Jul 19)
- Re: HTTP connections Ryan Russell (Jul 19)
  - Other China Hack Attempts Concurrent With Code Red David E. Weekly (Jul 19)
- <Possible follow-ups>
- RE: HTTP connections Dean Cunningham (Jul 19)
  - RE: HTTP connections Ryan Russell (Jul 19)
- RE: HTTP connections Lindsay (Jul 22)