[Dshield] I've got it....
pmarsh at nmefdn.org
Sun Aug 5 17:29:28 GMT 2001
126.96.36.199 is not one of mine, it's an external ip.
From: John Groseclose [mailto:iain at caradoc.org]
Sent: Sunday, August 05, 2001 12:48 PM
To: dshield at dshield.org
Subject: Re: [Dshield] I've got it....
At 10:04 AM -0400 8/5/01, Paul Marsh wrote:
>I was checking my logs this morning and found the
>18:11:53 188.8.131.52 - GET /default.ida
>9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 200 165 3818 63
>80 - -
>This is a log froma patched machine, the machine has been patched for weeks
>now???? Does anyone want or need more info? I'd like to send these things
>to someone for analysis to find out why the patch did not stop ver.2?
Is this a log from a webserver *on* the patched machine? If so,
you're not infected - you're just logging the attempt to connect.
Is 184.108.40.206 your machine? Or someone else's?
iain at caradoc.org
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list