[plug] Barbarians at the gate...
Ryan
ryan at slowest.net
Sun Aug 5 12:45:01 WST 2001
I'm sure you're not alone.
The 3 subnets at my work (totalling 174 IPs) have been progressively HTTP
port probed in the past 4 days by no less than 600 unique hosts. It all
started on August 2, the day AFTER all the hype said it would
heighten. The average occurrence of this event for us in the past was
around 5 per week (non Code Red).
Ryan
At 12:13 PM 05-08-01 +0800, you wrote:
>Hey Fellas,
>
>On Sun, Aug 05, 2001 at 12:05:13PM +0800, James Bromberger wrote:
> > I think it was said earler; Code Red is a buffer overflow exploit that
> > makes an HTTP request starting "/default.ida", and then has lots of
> "NNN"'s
> > in it.
>
>Here is a bit of trivia:
>
>I grepped the logs of one web service I manage and found 188
>attempts have been made to infect it in the last couple weeks!
>
>
>Later,
>
>Jason Nicholls
More information about the plug
mailing list