Security Incidents mailing list archives

New version of Code Red?


From: Dean Cunningham <Dean.Cunningham () ew govt nz>
Date: Wed, 25 Jul 2001 10:02:25 +1200

An FYI, I have yet to see anything in my logs.

cheers
Dean


-----Original Message-----
From: MVick () mail uttyl edu [mailto:MVick () mail uttyl edu] 
Sent: Wednesday, 25 July 2001 8:44 AM
To: NT System Admin Issues
Subject: New version of Code Red?


Computer at 172.158.225.228 does the 80 GET /x.ida, followed by AAA...
instead of NNN...
Then comes back 25 minutes later with 80 GET /iisstart.asp and 80 GET
/pagerror.gif


2001-07-23 11:05:32 172.158.255.228 - xxx.xxx.xxx.xxx 80 GET /x.ida
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=X

200 -

2001-07-23 11:30:06 172.158.255.228 - xxx.xxx.xxx.xxx 80 GET /iisstart.asp
- 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+98;+Win+9x+4.90)

2001-07-23 11:30:08 172.158.255.228 - xxx.xxx.xxx.xxx 80 GET /pagerror.gif
- 200 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+98;+Win+9x+4.90)


And nslookup reports....


C:\>nslookup 172.158.255.228
Server:  xxxx.xxxxx.xxx
Address:  xxx.xxx.xxx.xxx

Name:    AC9EFFE4.ipt.aol.com
Address:  172.158.255.228



Michael Vick
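
An added example, not part of the original post: one way to scan IIS log lines like the ones quoted above for .ida requests whose query is a long run of one repeated character, report whether the padding is N or something else, and list later requests from the same client. The field order, the 64-character threshold, the function names and the sample lines are assumptions made for this sketch.

```python
import re
from datetime import datetime

# Field order assumed from the excerpt in the post:
# date time c-ip user s-ip port method uri-stem uri-query status user-agent
PAD_RUN = re.compile(r"^(.)\1{63,}")  # same character 64+ times (assumed threshold)

# Constructed sample lines (documentation addresses, padding shortened).
SAMPLE = [
    "2001-07-23 11:05:32 192.0.2.10 - 198.51.100.5 80 GET /x.ida " + "A" * 80 + "=X 200 -",
    "2001-07-23 11:07:01 192.0.2.77 - 198.51.100.5 80 GET /default.ida " + "N" * 80 + "=a 200 -",
    "2001-07-23 11:30:06 192.0.2.10 - 198.51.100.5 80 GET /iisstart.asp - 200 Mozilla/4.0",
    "2001-07-23 11:30:08 192.0.2.10 - 198.51.100.5 80 GET /pagerror.gif - 200 Mozilla/4.0",
    "2001-07-23 11:31:00 192.0.2.99 - 198.51.100.5 80 GET /search.ida q=report 200 Mozilla/4.0",
]

def parse(line):
    f = line.split()
    try:
        ts = datetime.strptime(" ".join(f[:2]), "%Y-%m-%d %H:%M:%S")
        return {"ts": ts, "ip": f[2], "stem": f[7], "query": f[8]}
    except (ValueError, IndexError):
        return None  # wrapped, truncated or header line

def classify(rec):
    """Label the padding of an .ida request, or return None."""
    m = PAD_RUN.match(rec["query"])
    if not m or not rec["stem"].lower().endswith(".ida"):
        return None
    return "N-padding" if m.group(1) == "N" else "other-padding:" + m.group(1)

def analyze(lines):
    """Map client IP -> padding label plus later requests from that IP."""
    recs = [r for r in map(parse, lines) if r]
    hits = {}
    for r in recs:
        label = classify(r)
        if label and r["ip"] not in hits:
            hits[r["ip"]] = {"label": label, "first": r["ts"], "followups": []}
    for r in recs:
        h = hits.get(r["ip"])
        if h and r["ts"] > h["first"]:
            secs = int((r["ts"] - h["first"]).total_seconds())
            h["followups"].append((r["stem"], secs))
    return hits

if __name__ == "__main__":
    for ip, h in analyze(SAMPLE).items():
        print(ip, h["label"], h["followups"])
```

Log lines that a mail client has wrapped, as in the excerpt above, have to be rejoined into single lines before parsing; fragments are skipped rather than matched.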

