[plug] Barbarians at the gate...

Ryan ryan at slowest.net
Sun Aug 5 12:45:01 WST 2001


I'm sure you're not alone.

The 3 subnets at my work (totalling 174 IPs) have been progressively HTTP 
port probed in the past 4 days by no less than 600 unique hosts.  It all 
started on August 2, the day AFTER all the hype said it would 
heighten.  The average occurrence of this event for us in the past was 
around 5 per week (non Code Red).

Ryan

At 12:13 PM 05-08-01 +0800, you wrote:
>Hey Fellas,
>
>On Sun, Aug 05, 2001 at 12:05:13PM +0800, James Bromberger wrote:
> > I think it was said earler; Code Red is a buffer overflow  exploit that
> > makes an HTTP request starting "/default.ida", and then has lots of 
> "NNN"'s
> > in it.
>
>Here is a bit of trivia:
>
>I grepped the logs of one web service I manage and found 188
>attempts have been made to infect it in the last couple weeks!
>
>
>Later,
>
>Jason Nicholls




More information about the plug mailing list