Re: Fwd: Re: please read: very odd network traffic
On Tue, 7 Aug 2001, William Leese wrote:
>On Tuesday 07 August 2001 18:59, Dave Sherohman wrote:
>> On Tue, Aug 07, 2001 at 06:53:38PM +0200, William Leese wrote:
>> > there's more though. but again i'm not sure.. for the first time i've
>> > seen a few odd requests being logged in boa, just a small snippet:
>> >
>> >
>> > [07/Aug/2001:06:26:03 +0000] request from 195.38.105.70 "GET
>> > /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>> >XXXX
>> > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>> >XXXX
>> > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>> >XXXX
>> > XXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
>> >u780 1%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
>> > HTTP/1.0" ("/var/www/default.ida"): document open: No such file or
>> > directory
>>
>> Code Red Mk. II. See any of the recent Code Red threads or incidents.org
>> for more information.
>
>Thanks to those who replied.
>
>This is a little starteling. Although the meter rarely goes above 2.6K it's
>constant. Not something I'd fear bring the internet to it's knees but it's
>nothing i've seen before on my home connection.
Multiply it out by 100 threads per CR worm and the thousands of CR
carriers now. It WILL probably bring the Internet to its knees if some
IIS admins don't start pulling their heads out.
>
>
--
There is no problem so great that it cannot be solved with suitable
application of High Explosives.
Who is John Galt? galt@inconnu.isu.edu, that's who!
Reply to: