[Dshield] Code red variant?
barkjr at home.com
Thu Jul 26 16:11:26 GMT 2001
Message> length=222&URL=/x.ida&arg=AAA* (with 219 more a's following).
> Anyone else seen this or know what it is?
I haven't (just grep'd my two web servers for *ida*), but maybe it's just not widespread
yet. I did find this log entry though:
126.96.36.199 - - [26/Jul/2001:11:39:43 -0400] "GET /NULL.printer HTTP/1.0" 404 1522 "-"
I have my web servers email me when they encounter 404 errors. In my email, the
REQUEST_URI was listed as:
Maybe they're invisible characters in telnet? Anyone else seen this? Should I email an
More information about the list