Same here. Our firewall logs similar lines. And I'm pretty sure it is CodeRed as our Apache logs _lots_ of tries to

"GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531
b%u53ff%u0078%u0000%u00=a HTTP/1.0"

Regards,
Alfred

On 9 Aug 2001, at 8:37, Philipp Snizek wrote:
Dear list users,
for several days we have had a lot of log entries originating from various IP addresses looking like this:
08/08/2001 00:09:34.464 - TCP connection dropped - Source:195.219.121.17, 1429, WAN - Destination: our ip address, 80, LAN - 'Web (HTTP)' - Rule 0
08/08/2001 00:11:53.928 - TCP connection dropped - Source:195.55.190.134, 3585, WAN - Destination: our ip address, 80, LAN - 'Web (HTTP)' - Rule 0
08/08/2001 00:17:43.384 - TCP connection dropped - Source:195.144.38.219, 2950, WAN - Destination: our ip address, 80, LAN - 'Web (HTTP)' - Rule 0
08/08/2001 00:26:19.432 - TCP connection dropped - Source:195.58.181.178, 3026, WAN - Destination: our ip address, 80, LAN - 'Web (HTTP)' - Rule 0
3 of these 4 IP addresses run IIS Webserver. One seems to be down. Since this is a firewall log and I have no other logfiles, it is hard for me to determine whether this could be Code Red. Has anybody got a log that looks the same or similar?

TIA
Philipp
############################################################################
Geological Survey of Austria  # A.JILKA                      # This Space
Rasumofskyg. 23               # jilalf@cc.geolba.ac.at       # for rent
A-1031 Vienna                 # Fon: +43/(0)1/712-56-74/444  #
Europe                        # Fax: +43/(0)1/713-64-57/444  # :-)
################ Visit us at http://www.geolba.ac.at #######################
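
An added example, not part of the original messages: a Python check that finds the request shape Alfred quotes in an Apache access log and compares the sending addresses with port-80 drops in a firewall log of the layout Philipp posted. The function names, the 100-character filler threshold, and all sample lines and addresses are constructed for illustration.

```python
import re
from collections import Counter

# Request shape quoted in this thread: /default.ida?, a long run of one repeated
# filler character, then %uXXXX words. The 100-character minimum is an assumption.
IDA_PROBE = re.compile(r'/default\.ida\?(.)\1{99,}(?:%u[0-9a-f]{4})+', re.I)
# Apache common log format: host ident user [time] "request" status size
APACHE_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" \d{3} \S+')
# Firewall "dropped" entry in the layout quoted in this thread.
FW_LINE = re.compile(r'^\S+ \S+ - TCP connection dropped - Source:\s*([\d.]+), \d+, \w+'
                     r' - Destination:\s*.+?, (\d+), \w+')

def apache_probes(lines):
    """Count default.ida probe requests per client address."""
    hits = Counter()
    for line in lines:
        m = APACHE_LINE.match(line)
        if m and IDA_PROBE.search(m.group(2)):
            hits[m.group(1)] += 1
    return hits

def dropped_http_sources(lines):
    """Count dropped connections to TCP port 80 per source address."""
    hits = Counter()
    for line in lines:
        m = FW_LINE.match(line)
        if m and m.group(2) == "80":
            hits[m.group(1)] += 1
    return hits

def correlate(apache_lines, fw_lines):
    """Sources that sent the probe to the web server and were dropped on port 80."""
    return sorted(set(apache_probes(apache_lines)) & set(dropped_http_sources(fw_lines)))

# Constructed sample data (documentation address ranges, not from the thread).
PROBE = "GET /default.ida?" + "X" * 224 + "%u9090%u6858%ucbd3%u7801%u00=a HTTP/1.0"
SAMPLE_APACHE = [
    f'192.0.2.17 - - [08/Aug/2001:00:09:35 +0200] "{PROBE}" 404 276',
    f'192.0.2.17 - - [08/Aug/2001:00:41:02 +0200] "{PROBE}" 404 276',
    f'198.51.100.9 - - [08/Aug/2001:00:12:10 +0200] "{PROBE}" 404 276',
    '203.0.113.51 - - [08/Aug/2001:00:14:00 +0200] "GET /default.ida?id=1 HTTP/1.0" 404 276',
]
SAMPLE_FW = [
    "08/08/2001 00:09:34.464 - TCP connection dropped - Source:192.0.2.17, 1429, WAN"
    " - Destination: 203.0.113.10, 80, LAN - 'Web (HTTP)' - Rule 0",
    "08/08/2001 00:11:53.928 - TCP connection dropped - Source:192.0.2.44, 3585, WAN"
    " - Destination: 203.0.113.10, 25, LAN - 'SMTP' - Rule 0",
]
```

Calling `correlate(SAMPLE_APACHE, SAMPLE_FW)` on the constructed data returns the one address that appears in both logs; a firewall-only site can run `dropped_http_sources` on its own log and compare the result with a probe list from any web server log it can obtain.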