nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: CodeRed: New Variant?

From: Bob K <melange () yip org>
Date: Mon, 6 Aug 2001 10:51:03 -0400 (EDT)

A quick skim through the bulletin tells me that someone *could* write a
worm that incorporates that vulnerability, but I haven't seen any attempts
in my httpd logs...

On Mon, 6 Aug 2001, Seth M. Kusiak wrote:



Perhaps I should explain a bit more:

This is a known exploit 
(http://www.microsoft.com/technet/security/bulletin/ms01-023.asp) however I 
saw many requests from multiple IP's. I thought that this was odd to see so 
many in such a short time. I thought that maybe another worm was on the 
loose. 

~Seth 

Seth M. Kusiak writes: 



I'm seeing this. Anyone else?  

--------------------------------------------------------------------------
2001-08-05 22:11:37 <Client IP> - <Server IP> 80 GET /NULL.printer - 302 0 
315 2365 0 
 
 
 
 
 
 
 
 3À°؋‹@`3Û³$Ãÿà빐1Œj - - -
--------------------------------------------------------------------------

 



-- 
Bob <melange () yip org> | Yes.  I know.  That is, indeed, *not* mayonnaise.
Previous By Date Next
Previous By Thread Next

Current thread: