I received some rather wierd hits on my webserver today as welll, a lot of
hits from different ips all containing a line of capital NNNNNNNNNNN....
anyone else see anything like this... exactly one of the messages was as
follows:
165.138.196.11 - - [19/Jul/2001:10:59:16 -0500] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%
ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%
u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%
u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 334
I have had exactly 26 hits like this each ip is different.
l8r,
On Thursday 19 July 2001 18:20, you wrote:
> Some joker started scanning my ports VERY heavily today. I'm also getting
> beaten by that new IDA worm (the IIS one). Some kiddies have a shit load of
> scripts and are trolling for vulnerable machines (thank god for
> apache/linux). Portsentry and my other tools are doing their best, but
> we're still getting hammered. hang in there
--
Bill Day A.K.A. BadMan
RLU#188133 RLM#83358 http://counter.li.org
irc.openprojects.net #linux-users
MicroShaft is the only company that introduces
an OS that is worse than the one it replaces.
<--------------------------------------------------->
8:30pm up 8 days, 19:45, 15 users, load average: 0.00, 0.00, 0.00
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc
->http://linux.nf/mailman/listinfo/linux-users