It seems that we still have some code red attacks coming into the
IETF 52 network. Does 12.234.20.53 happen to be a machine owned
by Novell ?
Dec 10 21:57:13 voojagig tcpsuck[1110]: Data from UNKNOWN (12.234.20.53)
port 4774 to http (port 80)
Dec 10 21:57:13 voojagig tcpsuck[1110]: 0- 47455420 2f736372 69707473
2f726f6f GET /scripts/roo
Dec 10 21:57:13 voojagig tcpsuck[1110]: 16- 742e6578 653f2f63 2b646972
20485454 t.exe?/c+dir HTT
Dec 10 21:57:13 voojagig tcpsuck[1110]: 32- 502f312e 300d0a48 6f73743a
20777777 P/1.0..Host: www
Dec 10 21:57:13 voojagig tcpsuck[1110]: 48- 0d0a436f 6e6e6e65 6374696f
6e3a2063 ..Connnection: c
Dec 10 21:57:13 voojagig tcpsuck[1110]: 64- 6c6f7365 0d0a0d0a
--
/amlan