-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sunday 05 August 2001 11:20, DM wrote:
> could this be really CODE RED in action? the worm
> scans the range of ips of an infected machine and
> verifies if there are MIIS lying around to conquer. i
> got a lot of those funny default.idaXXXXXXX something
> on my apache logs and they are coming from a variety
> of ip addresses ... of which when i try to check are
> either saying "hacked by chinese" or "page under
> construction".
So that's what all those "/default.ida?XXXX" and "/default.ida?NNNN"
entries in my access_log are...
- --
+------------------------------------------------------------+
| Ron Johnson, Jr. Home: [EMAIL PROTECTED] |
| Jefferson, LA USA http://ronandheather.dhs.org |
| |
| "Our computers and their computers are the same color. The |
| conversion should be no problem!" |
| Unknown |
+------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7bYovjTz5dS9Us5wRAoeiAJ9i5JdBXEsyPIC3v8fmtOc7CIR2JgCfZ9Y0
eUlWtR4o7C9SSTUy7apOQOw=
=fdFt
-----END PGP SIGNATURE-----
