Hi, What about this: schebish.c.crosslink.net - - [11/Oct/2002:17:02:57 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 329 ??
Hi
Yes, it's really possible. Our reverse proxy just today picked up the same logs coming from a French IP address. I'm just checking what exactly this is.
Philipp
-----Original Message-----
From: Thomas Seliger [mailto:CRJLJAKTJORB@spammotel.com]
Sent: Friday, October 11, 2002 2:01 PM
To: suse-security@suse.com
Subject: [suse-security] Re: **maillist-work:: Re: [suse-security] does anybody know such a log
Hi,
What Hannes says is true. There are quite a few Nimda-infected computers out there that are connected to the internet via T-DSL, even some with ISDN. With "flatrates" getting affordable, people often have their PCs connected almost 24h (e.g. for download or P2P). Also, running a web server on such hosts isn't as uncommon as it used to be.
peace, Tom
Johannes Studt wrote:
On Friday 11 October 2002 13:28, mailinglists@belfin.ch wrote:
Who's sleeping here? This is neither Nimda nor Code Red. This is a scan. It came from a dial-up account. Nimda and Code Red never came from dial-up accounts. They always came from static IP addresses.
Why _must_ Nimda or Code Red come from static IP addresses? Think of IIS installed on WinPCs which are up 24/7 and accessible via DynDNS names. Such systems are vulnerable too...
Hannes
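For checking your own access logs for requests shaped like the one quoted at the top of this thread, here is an added example (not part of any message in the thread): a Python filter that flags Common Log Format lines requesting a `.ida` path whose query holds a long single-character filler run plus several `%uXXXX` escapes, and counts them per source host and response status. The sample lines, the 64-character run length and the `MIN_ESCAPES` threshold are assumptions.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "method target proto" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)(?: (\S+))?" (\d{3}) (\S+)')
FILLER = re.compile(r'(.)\1{63,}')        # one character repeated 64+ times
U_ESC = re.compile(r'%u[0-9a-fA-F]{4}')   # %uXXXX escapes, as in the quoted line
MIN_ESCAPES = 4                           # assumed threshold, tune to your traffic

def classify(line):
    """Return a dict describing a suspicious request, or None."""
    m = CLF.match(line)
    if not m:
        return None
    host, when, _method, target, _proto, status, _size = m.groups()
    path, _, query = target.partition('?')
    if not path.lower().endswith('.ida'):
        return None
    filler = FILLER.search(query)
    escapes = len(U_ESC.findall(query))
    if not filler or escapes < MIN_ESCAPES:
        return None
    return {'host': host, 'time': when, 'status': int(status),
            'filler_char': filler.group(1), 'filler_len': len(filler.group(0)),
            'escapes': escapes}

def summarise(lines):
    """Count flagged requests per source host and per response status."""
    hits = [h for h in map(classify, lines) if h]
    return hits, Counter(h['host'] for h in hits), Counter(h['status'] for h in hits)

# Constructed sample lines (not taken from any real log).
SAMPLE = [
    'host-a.example - - [11/Oct/2002:17:02:57 +0200] "GET /default.ida?'
    + 'N' * 200 + '%u0041' * 8 + '=a HTTP/1.0" 400 329',
    'host-b.example - - [11/Oct/2002:17:03:10 +0200] "GET /index.html HTTP/1.0" 200 1043',
    'host-c.example - - [11/Oct/2002:17:04:01 +0200] "GET /search?q=' + 'a' * 80
    + ' HTTP/1.0" 200 512',
    'host-a.example - - [11/Oct/2002:17:09:44 +0200] "GET /default.ida?'
    + 'X' * 120 + '%u0041' * 6 + '=a HTTP/1.0" 404 280',
]

if __name__ == '__main__':
    hits, by_host, by_status = summarise(SAMPLE)
    for h in hits:
        print(h)
    print(dict(by_host), dict(by_status))
```

The per-status count shows how your server answered each flagged request; the line quoted in the thread was answered with a 400.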