Quoting Allen Umlas ([EMAIL PROTECTED]): > 202.54.67.195 - - [17/Feb/2003:16:09:02 +0800] "0^A^E6p?^??} > 6Z???h9??A^E6p?^??} 6Z???h9?4.0 ($ > 202.54.67.195 - - [17/Feb/2003:16:09:51 +0800] "0^A^E6p?^??} > 6Z???h9???0^A^E6p?^??} 6Z???h9? "$ > 202.54.67.195 - - [17/Feb/2003:16:10:08 +0800] > "???U4?&^_??$^_??a?p???U4?&^_??$^_??a?p?$0 1501 > 202.138.177.36 - - [17/Feb/2003:16:13:34 +0800] "GET > /webmail/src/left_main.php HTTP/1.1" 200 1902 > 202.138.135.3 - - [17/Feb/2003:16:15:25 +0800] "GET > /scripts/root.exe?/c+dir HTTP/1.0" 404 283 "-$ > 202.138.135.3 - - [17/Feb/2003:16:15:39 +0800] "GET /MSADC/root.exe?/c+dir > HTTP/1.0" 404 281 "-" $
[...] My guess: Code Red, Nimda, or some other automated attack that's probing for vulnerable NT/IIS machines. Comme d'habitude. -- Cheers, A: No. Rick Moen Q: Should I include quotations after my reply? [EMAIL PROTECTED] _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
