[Dshield] New one?

Tony Maro tonym at nlisc.com
Wed Oct 17 14:36:58 GMT 2001

Oh crap - looks like it's trying the standard directory traversal with a
twist, BUT... what's significant is that it looks like it's coming from a
Winblows 98 box!

If there's a new bug infecting 98 that does this that's gonna be one massive
DOS attack.

-----Original Message-----
From: Martin Mueller [mailto:mueller at webpartner.de] 
Sent: Wednesday, October 17, 2001 8:05 AM
To: dshield at dshield.org
Subject: [Dshield] New one?

Hi all,

this log-entrys i found today on a Apache virtual-Webserver of my company.
Sorry, the lines are very long, but all different...

Is this a new "Code Red" or something?
It looks not like the "normal" CR or Nimda to me.

The "Attacking-IP" is located in Brasil(if it is the real :-) ), we are in

Best regards,

Martin Mueller
Webpartner Kommunikationsdienste GmbH
Metzstrasse 14b
81667 Muenchen

Tel: 089/480 88 89-0
Fax: 089/480 88 89-9

mueller at webpartner.de
Schon geklickt? http://www.urlpartner.de
Favoriten online verwalten
Ein Projekt der Webpartner GmbH - - [17/Oct/2001:08:10:28 +0200] "GET
HTTP/1.1" 404 336 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)" - - [17/Oct/2001:08:10:28 +0200] "GET

More information about the list mailing list