[Dshield] Anyone know what this is?

Johannes B. Ullrich jullrich at euclidian.com
Tue Aug 28 01:45:12 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> Any ideas what this is? I found it in my Apache access_log.
>
> 64.225.196.160 - - [26/Aug/2001:21:10:03 +0100] "GET /NULL.printer HTTP/1.0" 404 206 -

This is an older MSFT IIS exploit (before code red). See:
http://www.kb.cert.org/vuls/id/516648


- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7iveqVOIizK5pIDMRAlGYAKC8O6yW/OBBUbCogcXSh54sOo/7rACg1Vdy
XU922w8U3Fh1Ht+zsPoTTgw=
=pQ+W
-----END PGP SIGNATURE-----




More information about the list mailing list