CodeRed: New Variant?

• Previous message (by thread): CodeRed: New Variant?
• Next message (by thread): The Death of TCP/IP
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

A quick skim through the bulletin tells me that someone *could* write a
worm that incorporates that vulnerability, but I haven't seen any attempts
in my httpd logs...

On Mon, 6 Aug 2001, Seth M. Kusiak wrote:

> 
> Perhaps I should explain a bit more:
> 
> This is a known exploit 
> (http://www.microsoft.com/technet/security/bulletin/ms01-023.asp) however I 
> saw many requests from multiple IP's. I thought that this was odd to see so 
> many in such a short time. I thought that maybe another worm was on the 
> loose. 
> 
> ~Seth 
> 
> Seth M. Kusiak writes: 
> 
> > 
> > I'm seeing this. Anyone else?  
> > 
> > --------------------------------------------------------------------------
> > 2001-08-05 22:11:37 <Client IP> - <Server IP> 80 GET /NULL.printer - 302 0 
> > 315 2365 0 
> >  
> >  
> >  
> >  
> >  
> >  
> >  
> >  3À°Ø‹‹@`3Û³$Ãÿà빐1Œj - - -
> > --------------------------------------------------------------------------
>  
> 

-- 
Bob <melange at yip.org> | Yes.  I know.  That is, indeed, *not* mayonnaise.

• Previous message (by thread): CodeRed: New Variant?
• Next message (by thread): The Death of TCP/IP
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]