Getting probed by Code Red
Anybody here getting probed yet? My server at home got hit 4 times today (that I know of). I just started playing with ODBC logging to SQL so I could generate reports regarding usage, when I noticed this nice new parameters field that I have never bothered with before.
Anybody here getting probed yet? My server at home got hit 4 times today (that I know of). I just started playing with ODBC logging to SQL so I could generate reports regarding usage, when I noticed this nice new "parameters" field that I have never bothered with before. Well, the reason why I noticed is that there are a bunch of "N"s followed by a specific series of characters. In addition, all four IPs were IIS boxes (1 from Spain, 2 from The Netherlands, and 1 from South Korea), all four were looking for the same file, and all four passed the same amount of info (via the parameter string, I imagine). I just wondered how many others have been swept here.
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
Yep, since 13 September we've been getting an insane number of these scans. This kind of thing:
2001-09-19 23:59:40 66.0.101.74 - xx.xx.xx.xx 80 GET /scripts/root.exe /c+dir 404 -
2001-09-19 23:59:40 66.0.101.74 - xx.xx.xx.xx 80 GET /MSADC/root.exe /c+dir 403 -
Got 40657 of them in just one day
2001-09-19 23:59:40 66.0.101.74 - xx.xx.xx.xx 80 GET /scripts/root.exe /c+dir 404 -
2001-09-19 23:59:40 66.0.101.74 - xx.xx.xx.xx 80 GET /MSADC/root.exe /c+dir 403 -
Got 40657 of them in just one day
