> Looks like the Code Red attack. > > If you are running IIS on this same box, just install M$'s URLScan, and > it will stop most of it. > > Also it looks like they are spoofing a local ip (192.168.1.1). >
192.162.1.1 is an interface on a firewall that proxies HTTP traffic; I will look at firewall logs today and hopefully find where this is coming from. We don't run IIS. Dan Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
