[40244] in North American Network Operators' Group
Re: Code Red Hammering Away
daemon@ATHENA.MIT.EDU (Sameh Ghane)
Sat Aug 4 17:26:43 2001
Date: Sat, 4 Aug 2001 23:24:29 +0200
From: Sameh Ghane <sw@anthologeek.net>
To: NANOG <nanog@merit.edu>
Message-ID: <20010804232429.B62580@anthologeek.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.BSF.4.21.0108041708330.66103-100000@pi.yip.org>; from melange@yip.org on Sat, Aug 04, 2001 at 05:14:09PM -0400
Errors-To: owner-nanog-outgoing@merit.edu
Le (On) Sat, Aug 04, 2001 at 05:14:09PM -0400, Bob K ecrivit (wrote):
>
> > > 4:53:48pm|melange@host:/home/melange> grep default.ida /var/log/httpd-access.log | grep XXXXX | wc -l
> > > 6
> >
> > I've started seeing LOTS of XXXXX hits as of approx 1 hour ago.
> > 5 in one hour and counting...
>
> Just for reference, here's the logs of this new variant:
Pretty interesting, maybe all nanog-post subscribers could share their
experience with this worm too. Especially if you've seen a lot of non-[XN]
alphanumerical chars.
Sorry, but this worm caused more damages to mailing lists than anything
else, on the Internet. Looks more like a chain-letter...
