-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm not 100% certain, but I think it may be a request generated by the 
Code Red worm, trying to find an NT IIS web-server to infect. I've seen 
similar requests coming in on my DSL router.

Dave

On Saturday 04 August 2001 13:57, thus spake Jon Doe:
> I have this in my access log for apache, is this normal?
>
> 65.84.202.130 - - [04/Aug/2001:14:41:51 -0400] "GET
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>XXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090
>%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%
>u0000%u00=a HTTP/1.0" 404 306 "-" "-"

- -- 
"Nihil tam munitum quod non expugnari pecunia possit." (No 
fortification is such that it cannot be subdued with money.)
- - Marcus Tullius Cicero, 106-43 B.C.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7bEiRA68l26XsZUYRAoLIAKDe76Z4FSUw/3rWp9FRlLEIhjG/pwCfdGbG
8iOQQZX4nIpUbHvM9ShhaAo=
=mlmW
-----END PGP SIGNATURE-----
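An added example, not part of the original message: one way to flag requests of the shape quoted above in an Apache combined-format access log and count them per source. The function names, the length thresholds and the sample lines (documentation addresses, placeholder `%u` words) are assumptions made for the illustration.

```python
import re
from collections import Counter

# Apache combined log format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) ')

# Shape of the quoted request: a .ida path, a long run of one filler letter,
# then a series of %uXXXX words. The thresholds (64 and 4) are assumptions.
PROBE_RE = re.compile(
    r'^GET\s+/\S*\.ida\?(?P<fill>(?P<ch>[A-Za-z])(?P=ch){63,})'
    r'(?P<enc>(?:%u[0-9a-fA-F]{4}){4,})', re.IGNORECASE)

# Constructed sample lines (documentation addresses, placeholder %u words).
SAMPLE = [
    '192.0.2.10 - - [04/Aug/2001:14:41:51 -0400] "GET /default.ida?' + "X" * 224
    + '%u4141%u4242%u4343%u4444%u4545 HTTP/1.0" 404 306 "-" "-"',
    '198.51.100.7 - - [04/Aug/2001:14:42:03 -0400] "GET /index.html HTTP/1.0" '
    '200 1043 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [04/Aug/2001:15:02:17 -0400] "GET /default.ida?' + "N" * 224
    + '%u4141%u4242%u4343%u4444 HTTP/1.0" 200 512 "-" "-"',
    '203.0.113.5 - - [04/Aug/2001:15:10:40 -0400] "GET /search.ida?q=XXXX '
    'HTTP/1.0" 404 280 "-" "-"',
]

def find_probes(lines):
    """Return one record per log line whose request has the probe shape."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        p = PROBE_RE.match(m.group("request")) if m else None
        if p:
            hits.append({
                "line": lineno, "host": m.group("host"),
                "time": m.group("time"), "status": int(m.group("status")),
                "filler": p.group("ch"), "filler_len": len(p.group("fill")),
                "encoded_words": len(p.group("enc")) // 6,
            })
    return hits

def summarize(hits):
    """Probes per source host, plus probes that were not answered with 4xx/5xx."""
    return Counter(h["host"] for h in hits), [h for h in hits if h["status"] < 400]

if __name__ == "__main__":
    per_host, answered = summarize(find_probes(SAMPLE))
    print(dict(per_host), [h["line"] for h in answered])
```

On a server with nothing at that path the request ends in a 404, as in the quoted line; `summarize` separates out any that were answered differently so they can be reviewed first.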
