[Dshield] I've got it....

Paul Marsh pmarsh at nmefdn.org
Sun Aug 5 17:29:28 GMT 2001 is not one of mine, it's an external ip.

Thanx, Paul

-----Original Message-----
From: John Groseclose [mailto:iain at caradoc.org]
Sent: Sunday, August 05, 2001 12:48 PM
To: dshield at dshield.org
Subject: Re: [Dshield] I've got it....

At 10:04 AM -0400 8/5/01, Paul Marsh wrote:
>I was checking my logs this morning and found the
>18:11:53 - GET /default.ida
>9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 200 165 3818 63
>80 - -
>This is a log froma patched machine, the machine has been patched for weeks
>now????  Does anyone want or need more info?  I'd like to send these things
>to someone for analysis to find out why the patch did not stop ver.2?

Is this a log from a webserver *on* the patched machine? If so, 
you're not infected - you're just logging the attempt to connect.

Is your machine? Or someone else's?
John Groseclose
iain at caradoc.org

Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list