Getting probed by Code Red
This is a discussion about Getting probed by Code Red in the Windows Networking category; Anybody here getting probed yet? My server at home got hit 4 times today (that I know of). I just started playing with ODBC logging to SQL so I could generate reports regarding usage, when I noticed this nice new parameters field that I have never bothered with before.
Anybody here getting probed yet? My server at home got hit 4 times today (that I know of). I just started playing with ODBC logging to SQL so I could generate reports regarding usage, when I noticed this nice new "parameters" field that I have never bothered with before. Well, the reason why I noticed is that there are a bunch of "N"s followed by a specific series of characters. In addition, all four IPs were IIS boxes (1 from Spain, 2 from The Netherlands, and 1 from South Korea), all four were looking for the same file, and all four passed the same amount of info (via the parameter string, I imagine). I just wondered how many others have been swept here.
Participate in our website and join the conversation
This subject has been archived. New comments and votes cannot be submitted.
Aug 2
Sep 19
0
7 minutes
Responses to this topic
Yep, since 13 September we've been getting an insane number of these scans. This kind of thing:
2001-09-19 23:59:40 66.0.101.74 - xx.xx.xx.xx 80 GET /scripts/root.exe /c+dir 404 -
2001-09-19 23:59:40 66.0.101.74 - xx.xx.xx.xx 80 GET /MSADC/root.exe /c+dir 403 -
Got 40657 of them in just one day
2001-09-19 23:59:40 66.0.101.74 - xx.xx.xx.xx 80 GET /scripts/root.exe /c+dir 404 -
2001-09-19 23:59:40 66.0.101.74 - xx.xx.xx.xx 80 GET /MSADC/root.exe /c+dir 403 -
Got 40657 of them in just one day
