dig -x ip.address:
90.99.11.217.in-addr.arpa. 86383 IN PTR dialup-90.iberbanda.es.
I've seen a lot of logs dealing with nimda and code red a year ago. But I never saw this coming from a dial up link.
I saw several attempts from dsl and dial up.
I checked the french and the spanish ip addresses. These definitely were dial up boxes. And whatever it is they send, it cannot affect my boxes.
Anyway it does not affect any linux-box! Any responsible admin will not tolerate those insecure iis and use apache (even with or without asp)!
That's for sure.
concerned about this attempts, that do not effect your server (I think you are running apache, don't you?)?
Yes I do. This is why it doesn't really bother me. I just can't believe that there's still Nimda/Code Red infected boxes out there. After more than one year. My installation is very new. That's why snort isn't running yet. I'll be able to see more once snort runs.
If you got iis make some acl's in your reverse proxy will help filter all nasty requests and don't effect your system(s)!
Thank you all for your kind help Philipp