RE: Code Red Sniffer
- From: "Adrian Schmidt" <aschmidt@xxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 8 Aug 2001 11:02:26 +0300
I ran the script and it didn't find anything, but it said at the end of
scipt's log something about "default.ida". How can I know the meaning of the
number at the end of each line (in this case "302"?
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2001-08-08 00:48:40
#Fields: time c-ip cs-method cs-uri-stem sc-status
00:48:40 211.170.96.6 GET /default.ida 302
01:31:24 193.12.13.24 GET /default.ida 302
01:53:28 193.230.138.138 GET /default.ida 302
03:37:28 193.255.198.21 GET /default.ida 302
03:54:31 193.230.138.138 GET /default.ida 302
05:20:25 193.171.7.35 GET /default.ida 302
06:56:10 193.230.219.230 GET / 302
-----Original Message-----
From: Javier Gonzalez [mailto:Javier@xxxxxxxxxx]
Sent: miercuri 8 august 2001 10:36
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Code Red Sniffer
http://www.ISAserver.org
I've only this type of trace in my
c:\winnt\system32\logfiles\w3svc1\ex010808.log
#Software: Microsoft Internet Information Server 4.0
#Version: 1.0
#Date: 2001-08-08 00:00:39
#Fields: time c-ip cs-method cs-uri-stem sc-status
00:00:39 62.22.113.134 GET /default.ida 400
00:02:42 62.22.113.134 GET /default.ida 400
00:25:05 62.22.113.134 GET /default.ida 400
00:27:07 62.22.113.134 GET /default.ida 400
00:29:09 62.22.113.134 GET /default.ida 400
00:30:20 192.168.1.22 - - 200
00:31:12 62.22.113.134 GET /default.ida 400
and so on ....
Nothing in the proxy logs, neither packet filter, nor w3 nor ws.
Javier.
Other related posts:
