• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

network traffic

S

SuperT

Senior member
can anyone tell me where to look on my NT4.0 proxyserver, that is running IIS (with the patch), to see if code red is trying to get in my port 80. thankyou for any help.🙂
 
winnt\system32\logfiles\w3svc1

those are your IIS log files
the easiest way to spot Code Red is to seach for entries that look like this

2001-08-02 01:08:32 195.xxx.xxx.xxx - 1xx.xxx.xxx.xxx 80 GET /default.ida
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%
ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%
u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 200 -

the long string of N's and the default.ida requests stand out pretty well.

good luck

DnetMHZ
 
thanks dnet. i checked it out. everything looks good, maybe that patch really does work! thanks again.😉
 
chances are you will still see these requests in the log even with the patch since the worm
still tries to see if you have the hole.. but if you are patched these attempts are harmless other than using some bandwidth.

DnetMHZ
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top