From: Bryan Willis (BWillisdynamicsdirect.com)
Date: Wed Aug 01 2001 - 16:27:34 CDT

    A patched system will still show a status code of 200 because a page is
    displayed saying that the query is invalid. I was seeing the 200's in my
    logs also, so I removed the .ida and .idq mappings on my sites, removed
    idq.dll from the system32 directory, made sure index server was uninstalled
    and made sure the system was patched. When someone tries to exploit the
    box, they now receive a 404 error.

    Bryan

     -----Original Message-----
    From: Portnoy, Gary [mailto:gportnoybelenosinc.com]
    Sent: Wednesday, August 01, 2001 10:57 AM
    To: 'Powers, James L.'; incidentssecurityfocus.com
    Subject: RE: Code Red hits

    James,

    The HTTP code says 200, meaning successful.. Double check the patches on the
    boxes to make sure you aren't contributing....

    -Gary-

    -----Original Message-----
    From: Powers, James L. [mailto:JLPowerscmhmetro.net]
    Sent: Wednesday, August 01, 2001 1:30 PM
    To: incidentssecurityfocus.com
    Subject: Code Red hits

    Time is GMT. We are using eyeball scanners on our log files.

    2001-08-01 17:06:02 209.27.247.5 - GET /default.ida
    NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
    NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
    NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u90
    90%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u
    9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 200 171 4039 94
    80 HTTP/1.0 - - -

    2001-08-01 17:12:50 203.232.75.19 - GET /default.ida
    NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
    NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
    NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u90
    90%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u
    9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 200 171 4039 578
    80 HTTP/1.0 - - -

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
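
Added example, not part of the original thread: a small log triage script that groups requests shaped like the ones quoted above by source address and status code, and reports the status with the reading given in the replies (200 can come from a patched host; 404 follows removal of the .ida/.idq mappings). The field order, the shortened query strings, the documentation-range IP addresses and the 16-character filler threshold are assumptions made for the sample.

```python
import re
from collections import Counter

# Constructed sample lines, using the field order seen in the thread's excerpts:
# date time client-ip user method uri-stem uri-query status ...
# Query strings are shortened stand-ins; IPs are documentation addresses.
SAMPLE_LOG = """\
2001-08-01 17:06:02 192.0.2.10 - GET /default.ida NNNNNNNNNNNNNNNNNNNNNNNN=a 200 171 4039 94 80 HTTP/1.0 - - -
2001-08-01 17:12:50 192.0.2.20 - GET /default.ida NNNNNNNNNNNNNNNNNNNNNNNN=a 404 171 4039 15 80 HTTP/1.0 - - -
2001-08-01 17:13:01 192.0.2.30 - GET /index.html - 200 171 512 10 80 HTTP/1.0 - - -
2001-08-01 17:14:44 192.0.2.10 - GET /default.ida NNNNNNNNNNNNNNNNNNNNNNNN=a 200 171 4039 80 80 HTTP/1.0 - - -
"""

ISAPI_EXT = re.compile(r"\.(ida|idq)$", re.IGNORECASE)  # Index Server mappings
FILLER_RUN = re.compile(r"(.)\1{15,}")  # 16+ repeats of one character (assumed threshold)

def parse_line(line):
    """Split one log line into the fields used below; None if it does not fit."""
    parts = line.split()
    if len(parts) < 8 or not parts[7].isdigit():
        return None
    return {"ip": parts[2], "stem": parts[5],
            "query": parts[6], "status": int(parts[7])}

def is_probe(rec):
    """Request to an .ida/.idq stem whose query holds a long filler run."""
    return bool(ISAPI_EXT.search(rec["stem"]) and FILLER_RUN.search(rec["query"]))

def interpret(status):
    """Reading of the status code as described in the replies in this thread."""
    if status == 200:
        return "mapping present; 200 alone does not show patch state"
    if status == 404:
        return "mapping removed or file not found"
    return "other response; review manually"

def summarize(log_text):
    """Count matching requests per (source address, status code)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_probe(rec):
            hits[(rec["ip"], rec["status"])] += 1
    return hits

if __name__ == "__main__":
    for (ip, status), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip} status={status} count={n}: {interpret(status)}")
```
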