Re: unexpected log entries

From: Jill Tovey (
Date: 12/10/02

    From: "Jill Tovey" <>
    To: "Paolo Mattiangeli" <>, <>
    Date: Tue, 10 Dec 2002 07:51:48 -0000

    Hi Paolo,

    This is a log for Code Red, which does indeed attempt a buffer overflow
    using the idq.dll ISAPI extension mapping vulnerability.

    Check for the presence of the directory %systemdrive%\notworm, and get the
    following patch:

    Kind Regards,

    Jill Tovey

    ----- Original Message -----
    From: "Paolo Mattiangeli" <>
    To: <>
    Sent: Saturday, December 07, 2002 3:13 PM
    Subject: unexpected log entries

    > Hi everybody, I guess maybe someone out there can help me with this. I
    > have a w2k server running IIS 5 and keep receiving what I think to be
    > "probes" of my web server. Today I found in the log the following entry:
    > 2002-12-07 14:33:32 - 80 GET /default.ida
    > 9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 200 -
    > which I guess to be an attempt at a buffer overrun on my web server. I have
    > some difficulty understanding what is the matter here, but the thing
    > that most worries me is the final "200 - " which in some way could mean that
    > the response of the server is positive (in most cases it is 404 - or 500 -).
    > Could someone help?
    > Thanks and regards
    > pamatt
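
An added example, not part of the original thread: a small scanner that picks out requests like the one quoted above (an `.ida`/`.idq` target handled by idq.dll, with `%uXXXX` escapes in the query string) and reports the status code logged for each. The field order, the escape threshold and the sample log are assumptions made for this example.

```python
import re

# Assumed field order, taken from the entry quoted in the thread; a real
# IIS log declares its own layout in a "#Fields:" header line.
FIELDS = ("date", "time", "client", "port", "method", "stem", "query", "status")
INDEX_EXT = (".ida", ".idq")            # extensions mapped to idq.dll
UNICODE_ESC = re.compile(r"%u[0-9a-fA-F]{4}")
MIN_ESCAPES = 3                         # hypothetical threshold for this example

# Constructed sample log (addresses and padding are made up; the escape
# values are the ones visible in the quoted entry).
SAMPLE_LOG = """\
#Fields: date time c-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2002-12-07 14:31:02 192.0.2.10 80 GET /index.html - 200 -
2002-12-07 14:33:32 192.0.2.77 80 GET /default.ida XXXXXXXXXXXXXXXX%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 200 -
2002-12-07 14:35:10 192.0.2.10 80 GET /search.idq CiRestriction=report 200 -
2002-12-07 14:36:44 192.0.2.91 80 GET /DEFAULT.IDA XXXXXXXXXXXXXXXX%u9090%u8190%u00c3%u0003=a 404 -
truncated line
"""

def find_index_probes(log_text):
    """Return one dict per request that targets an .ida/.idq mapping and
    carries at least MIN_ESCAPES %uXXXX escapes in its query string."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue                    # skip blanks and W3C header lines
        parts = line.split()
        if len(parts) < len(FIELDS):
            continue                    # malformed or truncated entry
        rec = dict(zip(FIELDS, parts))
        if not rec["stem"].lower().endswith(INDEX_EXT):
            continue                    # not an Indexing Service mapping
        escapes = UNICODE_ESC.findall(rec["query"])
        if len(escapes) >= MIN_ESCAPES:
            rec["escapes"] = len(escapes)
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for hit in find_index_probes(SAMPLE_LOG):
        print(hit["date"], hit["time"], hit["client"], hit["stem"],
              "status", hit["status"], "escapes", hit["escapes"])
```

A hit only shows that such a request reached the server; the host-side check given in the reply (the `%systemdrive%\notworm` directory) is a separate step.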
