North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: New Virus in the wild
Nils Ketelsen wrote: A very important question would be: do you see these URL's on ANY-HOST/permutation or SPECIFIC-HOSTS/permutation?We see a lot of requests of the following format in our proxy logs: 1105979310.010 240001 10.3.12.211 TCP_MISS/504 1458 GET http://84.120.14.236:25204/2005/1/17/11/23/32/ - NONE/- text/html 1105979314.020 240009 10.3.12.211 TCP_MISS/504 1458 GET http://67.171.84.104:25238/2005/1/17/11/23/41/ - NONE/- text/html 1105979316.077 240068 10.3.12.211 TCP_MISS/504 1460 GET http://213.188.227.50:25401/2005/1/17/11/23/43/ - NONE/- text/html Gadi.
|