[Dshield] Code red variant?

Johannes B. Ullrich jullrich at euclidian.com
Thu Jul 26 16:11:02 GMT 2001


I believe the EEye .ida vulnerability test uses this URL.

On Thu, 26 Jul 2001, Thompson, John J wrote:

> I checked the incidents.org site and didn't see anythign regarding this, but
> perhaps one of you has seen this too. Today, around 7:45am CST, I saw the
> now familiar HTTP GET data with repeated character alert from BlackIce. When
> I looked at the actual log, I found that it wasn't the same signature as
> before... Instead, it was:
>
> length=222&URL=/x.ida&arg=AAA* (with 219 more a's following).
>
> Anyone else seen this or know what it is?
>
> John
>
> ------------------------------------
> John Thompson
> Network Administrator
> Dept. of Biochemistry
> University of Iowa
> tel: 319.335.7952
> fax: 319.335.9570
>
>

-- 
-------
jullrich at sans.org                    Join http://www.DShield.org
                                     Distributed Intrusion Detection System





More information about the list mailing list