Re: Frequent Strange Requests

To: debian-isp@lists.debian.org
Subject: Re: Frequent Strange Requests
From: Michael Blickenstorfer <blicki@cyberlink.ch>
Date: Thu, 13 Sep 2001 07:18:09 +0200
Message-id: <[🔎] 20010913071809.G4581@dns1.cyberlink.ch>
In-reply-to: <[🔎] NFBBKHFPBBBOOHHCMIECEEDICAAA.auke@rensen.dyndns.org>; from auke@rensen.dyndns.org on Wed, Sep 12, 2001 at 07:22:06PM +0200
References: <[🔎] NFBBKHFPBBBOOHHCMIECEEDICAAA.auke@rensen.dyndns.org>

Hi

Yes. This is the code red - worm.

It passed also our systems. And the only think, as a good user, you can
inform the one sending this request to you.

The IP-Adress got the hostname "ppp-2-112.cvx3.telinco.net". It seams,
that this comes from an dialup-connection.
More interesting is an "whois" with this ip:
-----------------------------------------------------------------------
Telinco Internet Services plc (TELINCO2-DOM)
   Sirius House Alderly Road
   Chelford N/A, SK11 9AP
   UK

   Domain Name: TELINCO.NET

   Administrative Contact, Technical Contact, Billing Contact:
      Telinco  (TE360-ORG)  naming@TELINCO.NET
      Telinco Plc
      Sirius House, Alderley Road
      Chelford, Cheshire SK11 9AP
      UK
      +44 (0)1625 862 200
      Fax- - +44 (0)1625 860 251
-----------------------------------------------------------------------

You may write an email to them. The rest should be made there...

Regards

Michael Blickenstorfer
Chef System Administrator


On Wed, Sep 12, 2001 at 07:22:06PM +0200, Auke Rensen wrote:
> L.S.,
> 
> While scanning my Apache Access logs I recently discovered that my webserver
> gets some strange requests. While just guessing I can say I get these
> requests about 10 to 25 times a day.
> My site is just a personal site, no commercial activities are done here.
> 
> 212.1.145.112 - - [12/Sep/2001:15:37:33 +0200] "GET
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
> u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> 
> Can anybody tell me what this is, whether to worry about it and what to do
> about it.
> 
> Thanks in advance,
> 
> 
> Auke Rensen
> System Engineer
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

-- 
Cyberlink Internet Services AG        Tel +41 1 287 2992
SystemAdministration                  Tel +41 1 287 2993
Richard Wagnerstrasse 6               Fax +41 1 287 2991
CH-8002 Zuerich             mblickenstorfer@cyberlink.ch
                                 http://www.cyberlink.ch

Reply to:

References:
- Frequent Strange Requests
  - From: "Auke Rensen" <auke@rensen.dyndns.org>

Prev by Date: Re: Ethernet Card recommendation
Next by Date: Re: Timeout of DNS
Previous by thread: Re: Frequent Strange Requests
Next by thread: Re: Frequent Strange Requests
Index(es):
- Date
- Thread