Re: [cobalt-security] what is this default.ida line all about

["Sohail A. Rahim" <snake.charmer@xxxxxxxxxxx>]

that's one of the code red worm daemons trying to talk to your machine. if 
i remember correctly there was a detailed conversation about it on this 
list a week or two ago.

Sohail.

At 08:08 AM 8/13/2001 -0400, CDNS Administration wrote:
> [06/Aug/2001:05:47:07 -0600] "GET 
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a 
> HTTP/1.0" 404 205 "-" "-"
>
> Can anyone tell me what these get requests for default.ida  with a big 
> long string, are?
>
> I expect it's some sort of buffer overflow attempt, trying to exploit a 
> known exploit.  Anyone know about this?
>
> Eric
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security

______________________________________________________

Sohail A. Rahim
www.lithiumrain.com