[Gllug] Code Red
will
will at hellacool.co.uk
Fri Jul 20 11:41:15 UTC 2001
----- Original Message -----
From: <john.hearns at framestore.co.uk>
To: <gllug at linux.co.uk>
Sent: Friday, July 20, 2001 12:13 PM
Subject: Re: [Gllug] Code Red
> will wrote:
> >
> > This little incident has brightened my day no end:
> >
> > http://www.theregister.co.uk/content/4/20474.html
> >
>
> There's a good thread going on this on london-pm
Does anyone have the URL of the archives? :-)
> We've seen 17 attempts so far.
> What is anybody else seeing?
Most shared UNIX accounts that we have looked at have something similar to:
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0
(from Analysis of the worm by eEye Digital Security.) in the logs from
compromised doze boxes. Also, there is still a small war in progress on the
other side of one of one of our office firewalls which makes hops 1 outside
of the firewall almost impossible.
ho hum :-)
will.
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list