Who's sleeping here? This isn't neither nimda nor code red. This is a scan. it came from a dial up account. Nimda and Code red never came from dial up accounts. They always came from static IP addresses. (Thanks, Thomas, for your suggestion.) Philipp
-----Original Message----- From: Wolfgang Kueter [mailto:wolfgang@shconnect.de] Sent: Friday, October 11, 2002 3:51 AM To: suse-security@suse.com Subject: Re: [suse-security] does anybody know such a log
On Fri, 11 Oct 2002 mailinglists@belfin.ch wrote:
Hello
our reverse proxy picked this up
[typical Nimda Code Red stuff] Is there some new IIS/Windows worm spreading?
New? How deep have you been sleeping during the last 14 months? The requests you see are typical Code Red and Nimda requests.
http://www.google.de/search?q=msadc+Nimda&ie=UTF-8&oe=UTF-8&hl =de&btnG=Google-Suche&meta=
You might like to tell you proxy to block these though the requests don't harm Apache.
Wolfgang -- shconnect Internet Service web: http://www.shconnect.de EMail: info@shconnect.de Bundesstrasse 2, 24392 Dollrottfeld, Fed. Rep. Germany phone: +49 4641 644
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here