Security Incidents mailing list archives

Re: high number of code red events


From: <michal () ns lounsko cz>
Date: Mon, 7 Oct 2002 10:50:48 +0200 (CEST)

Hi,
Well, I can see a lot of them too... hundreds per day, but very often there
is a number of these in a short time period from one IP, and then it is quiet
from that IP.
As far as I know, this vulnerability is only on MS Win, and I'm running
Apache, so I suppose that it's a "robot" scan and so I don't worry about
that.

Michal


 On 3 Oct 2002, Marcelo Bartsch wrote:

Hello,
Has anyone noticed an increasing number of Code Red attacks, but coming
from the same IP address to the same IP address? My IDS detects at least
20 to 30 attacks to the same IP from the same IP, using variants of
codered and coderedv2. Is it only me, or has this been seen in other
places?

P.S.: Sorry for my bad English.

33 XXX.YYY.ZZZ.52
        Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
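
Added example, not part of the original messages: a small Python parser for the per-source alert summary quoted above. The layout is taken from the post; the sample data, function names and threshold are constructed for illustration. It rejoins the "(To:" lines that the mailer wrapped and collapses repeated alerts into counts per target and signature, so a burst from one source to one target can be reviewed as a single event.

```python
import re
from collections import Counter

# Constructed sample in the layout of the summary quoted above (some lines mail-wrapped).
SAMPLE = """\
5 XXX.YYY.ZZZ.52
        Sig: WEB-IIS CodeRed v2 root.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: WEB-IIS cmd.exe access (To: AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
        Sig: spp_http_decode: ISS Unicode attack detected (To:
AAA.BBB.CCC.11)
"""

SRC_RE = re.compile(r"^(\d+)\s+(\S+)$")                     # "<count> <source>"
SIG_RE = re.compile(r"^Sig:\s+(.*?)\s+\(To:\s*(\S+)\)$")    # "Sig: <name> (To: <target>)"

def unwrap(text):
    """Rejoin 'Sig:' lines that were split after '(To:' and drop blank lines."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if out and out[-1].endswith("(To:"):
            out[-1] += " " + line
        elif line:
            out.append(line)
    return out

def summarize(text):
    """Return {source: {"declared": n, "alerts": Counter keyed by (target, signature)}}."""
    report, current = {}, None
    for line in unwrap(text):
        src = SRC_RE.match(line)
        sig = SIG_RE.match(line)
        if src:
            current = report.setdefault(src.group(2), {"declared": int(src.group(1)), "alerts": Counter()})
        elif sig and current is not None:
            current["alerts"][(sig.group(2), sig.group(1))] += 1
    return report

def single_target_bursts(report, threshold=3):
    """List (source, target, total alerts, distinct signatures) for sources that hit one target only."""
    hits = []
    for src, info in report.items():
        targets = {t for t, _ in info["alerts"]}
        if len(targets) == 1 and sum(info["alerts"].values()) >= threshold:
            hits.append((src, targets.pop(), sum(info["alerts"].values()), len(info["alerts"])))
    return hits
```

Comparing the "declared" count on the source line with the number of parsed alerts is a quick check that no wrapped line was lost.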

