Security Incidents mailing list archives
Re: high number of code red events
From: <michal () ns lounsko cz>
Date: Mon, 7 Oct 2002 10:50:48 +0200 (CEST)
Hi,

well, I can see a lot of them too... hundreds per day, but very often there are a number of these in a short time period from one IP, and then it is quiet from that IP. As far as I know, this vulnerability is only on MS Win, and I'm running Apache, so I suppose that it's a "robot" scan and so I don't worry about that.

Michal

On 3 Oct 2002, Marcelo Bartsch wrote:

Hello, has anyone noticed an increasing number of Code Red attacks, but coming from the same IP address to the same IP address? My IDS detects at least 20 to 30 attacks to the same IP from the same IP, using variants of CodeRed and CodeRedv2. Is it only me, or has this been seen in other places?

P.D.: sorry for my bad English.

33 XXX.YYY.ZZZ.52
Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
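
Added example, not part of either post and not any IDS vendor's own tooling: grouping the alert summary quoted above by source/destination pair turns 33 alerts into one row for one scanning host, and adds the asset context the reply relies on (whether the target runs IIS at all). The function names, the iis_hosts inventory parameter, the burst threshold of 20 and the second source in the sample are assumptions; the sample input is constructed in the layout shown in the post.

```python
import re
from collections import Counter

# Either a "<count> <source>" header or one "Sig: <name> (To: <dest>)" entry.
TOKEN = re.compile(
    r"(?P<count>\d+)\s+(?P<src>\S+)\s+(?=Sig:)"
    r"|Sig:\s*(?P<sig>.+?)\s*\(To:\s*(?P<dst>[^)\s]+)\s*\)", re.S)

def parse_summary(text):
    """Return ({(src, dst): Counter of signatures}, declared counts, parsed counts)."""
    pairs, declared, seen, src = {}, {}, Counter(), None
    for m in TOKEN.finditer(text):
        if m.group("src"):
            src = m.group("src")
            declared[src] = int(m.group("count"))
        elif src is not None:
            sig = " ".join(m.group("sig").split())  # undo line wrapping
            pairs.setdefault((src, m.group("dst")), Counter())[sig] += 1
            seen[src] += 1
    return pairs, declared, seen

def triage(text, iis_hosts=frozenset(), burst=20):
    """One row per source/destination pair instead of one row per alert."""
    pairs, declared, seen = parse_summary(text)
    rows = []
    for (src, dst), sigs in pairs.items():
        total = sum(sigs.values())
        rows.append({
            "src": src, "dst": dst, "alerts": total, "signatures": dict(sigs),
            "burst": total >= burst,                 # many alerts, one scanner
            "dst_runs_iis": dst in iis_hosts,        # hypothetical asset inventory
            "complete": seen[src] == declared[src],  # False if the summary was cut
        })
    return sorted(rows, key=lambda r: -r["alerts"])

def entries(sig, dst, n):
    return f"Sig: {sig} (To: {dst}) " * n

# Constructed sample mirroring the quoted summary, plus a hypothetical second source.
SAMPLE = (
    "33 XXX.YYY.ZZZ.52 "
    + entries("WEB-IIS CodeRed v2 root.exe access", "AAA.BBB.CCC.11", 4)
    + entries("WEB-IIS cmd.exe access", "AAA.BBB.CCC.11", 18)
    + entries("spp_http_decode: ISS Unicode attack detected", "AAA.BBB.CCC.11", 11)
    + "3 XXX.YYY.ZZZ.99 "
    + entries("WEB-IIS cmd.exe access", "AAA.BBB.CCC.12", 2)
)

if __name__ == "__main__":
    print(*triage(SAMPLE, iis_hosts={"AAA.BBB.CCC.12"}), sep="\n")
```

The second row is marked incomplete because its header declares 3 alerts and only 2 entries follow, which is how a truncated summary shows up.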