|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: CGI scans from Strauss.udel.edu -- They're back
From: Elliot L. Tobin (elliot
UDEL.EDU)Date: Mon Apr 17 2000 - 15:50:47 CDT
- Next message: Labu Labi: "Re: sadmind hack?"
- Previous message: Network Security: "Re: CGI scans from Strauss.udel.edu -- They're back"
- In reply to: Jose Nazario: "CGI scans from Strauss.udel.edu -- They're back"
- Next in thread: Dragos Ruiu: "Re: CGI scans from Strauss.udel.edu -- They're back"
- Reply: Elliot L. Tobin: "Re: CGI scans from Strauss.udel.edu -- They're back"
- Reply: Dragos Ruiu: "Re: CGI scans from Strauss.udel.edu -- They're back"
- Reply: Marcelo Magnasco: "Re: CGI scans from Strauss.udel.edu -- They're back"
- Reply: Ryan Russell: "Re: CGI scans from Strauss.udel.edu -- They're back"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
strauss.udel.edu is our main student programming server.. of course
students can check their email on it too, but it's primary use is for
students to use the compilers, run (x)maple, and numerous other
applications.
not sure how relevant this is, but it was just upgraded to Solaris 8 this
past week.
-------------------------------------------------->
Elliot L. Tobin - UD/CiS '02 [elliotudel.edu]
Univ. of Delaware, Ranked #2 Wired Campus by Yahoo!
Computer and Information Sciences, Economics
Room : 302-837-8600 - Work : 302-831-0640
Pager: 302-451-2149 - Aolim: seinfeldeT
-------------------------------------------------->
On Sat, 15 Apr 2000, Jose Nazario wrote:
::Hi all,
::
::Last month I reported some campus wide probes by the machine
::strauss.udel.edu to our domain (cwru.edu), and many other domains turned
::up as being hit. A few messages back and forth and things were, we hoped,
::cleared up.
::
::It looks like their problem has returned. This is from my logs the other
::day:
::
::>From a web server:
::
::strauss.udel.edu - - [13/Apr/2000:00:24:43 -0400] "GET
::/cgi-bin/counter/nl/ord/lang=english(1);system("$ENV{HTTP_X}"); HTTP/1.0" 404 256
::
::>From a workstation:
::
::[13/Apr/1999:00:15:11] config: for host strauss.udel.edu trying to GET /c
::gi-bin/counter/nl/ord/lang=english(1);system("$ENV{HTTP_X}");, check-acl
::reports: ACL name httpd-nameserver-WRITE not defined
::
::A memo was sent on Thursday, but no response has yet been received. I know
::at least one other site admin has contacted me with the same scan, so it
::will most likely be widespread.
::
::I'd like to know what function strauss.udel.edu servrs. Is it a general
::udel.edu campus web proxy? By cutting it off at the border will I cut off
::every legitimate user, too, from udel.edu?
::
::Thanks,
::
::jose nazario josebiochemistry.cwru.edu
::PGP fingerprint: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
::Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc
::
- Next message: Labu Labi: "Re: sadmind hack?"
- Previous message: Network Security: "Re: CGI scans from Strauss.udel.edu -- They're back"
- In reply to: Jose Nazario: "CGI scans from Strauss.udel.edu -- They're back"
- Next in thread: Dragos Ruiu: "Re: CGI scans from Strauss.udel.edu -- They're back"
- Reply: Elliot L. Tobin: "Re: CGI scans from Strauss.udel.edu -- They're back"
- Reply: Dragos Ruiu: "Re: CGI scans from Strauss.udel.edu -- They're back"
- Reply: Marcelo Magnasco: "Re: CGI scans from Strauss.udel.edu -- They're back"
- Reply: Ryan Russell: "Re: CGI scans from Strauss.udel.edu -- They're back"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]