RE: code red---- on system that is already (and has been) patched
From: Kurt Keys (kkeys@sddpc.org)
Date: 03/03/03
- Previous message: Mike Heitz: "RE: code red---- on system that is already (and has been) patched"
- Maybe in reply to: Sandy Ryan: "code red---- on system that is already (and has been) patched"
- Next in thread: Levinson, Karl: "RE: code red---- on system that is already (and has been) patched"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 03 Mar 2003 13:19:17 -0800 From: "Kurt Keys" <kkeys@sddpc.org> To: focus-ms@securityfocus.com, sryan@seewolf.com, mikeheitz@upshotmail.com
On the following web-site a list of HTTP Status codes is found. For a code 200 it says:
200 OK
The request has succeeded. The information returned with the response is dependent on the method used in the request, for example:
GET an entity corresponding to the requested resource is sent in the response;
HEAD the entity-header fields corresponding to the requested resource are sent in the response without any message-body;
POST an entity describing or containing the result of the action;
TRACE an entity containing the request message as received by the end server.
Respectfully,
Kurt M. Keys
_______________________________
Kurt M. Keys
Information Security Specialist
San Diego Data Processing Corporation
858-581-7844
kkeys@sddpc.org
_______________________________
Bill Martin
Information Security Officer
San Diego Data Processing Corporation
858-581-9726
bmartin@sddpc.org
_______________________________
>>> "Mike Heitz" <mikeheitz@upshotmail.com> 03/03/03 11:29AM >>>
I'm not 100% sure Sandy, but when I see Code Red hits (my server is
patched, and patched on top of patched...) I see a 404 reply instead of
a 200...
mike heitz ** sr it manager ** UPSHOT
312-943-0900 x5190
-----Original Message-----
From: Sandy Ryan [mailto:sryan@seewolf.com]
Sent: Monday, March 03, 2003 10:47 AM
To: focus-ms@securityfocus.com
Subject: code red---- on system that is already (and has been) patched
well - I doubt that the log is right - because I think the 200 implies
that its not infected - by when my customer sees his report - and path
taken through the site he sees worm.com
here's the log (simplified to get through the moderator)
GET /default.ida
NN----NN%u9090%u6858%ucbd3%u7801...%u9090%u9090%u8190%u00c3%u0003%u8b00%
u531b%u53ff%u0078%u0000%u00=a 200 0 206 4039 266 HTTP/1.0 [you know the
url]- - -
- Previous message: Mike Heitz: "RE: code red---- on system that is already (and has been) patched"
- Maybe in reply to: Sandy Ryan: "code red---- on system that is already (and has been) patched"
- Next in thread: Levinson, Karl: "RE: code red---- on system that is already (and has been) patched"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
