Re: nimbda and other apache attacks

From: Jose Nazario (jose@biocserver.BIOC.cwru.edu)
Date: 10/25/01


Date: Thu, 25 Oct 2001 14:52:55 -0400 (EDT)
From: Jose Nazario <jose@biocserver.BIOC.cwru.edu>
To: Brian Clifton <brian@omegadm.co.uk>
Subject: Re: nimbda and other apache attacks
Message-ID: <Pine.LNX.4.30.0110251451240.28607-100000@biocserver.BIOC.CWRU.Edu>

On Thu, 25 Oct 2001, Brian Clifton wrote:

> grep -c "cmd.exe" weekly/error_log > nimbda.count
> grep -v "cmd.exe" weekly/error_log > clean_error_log

you may be missing several non-nimda attacks which are worth noting. nimda
isn't the only method of attempting cmd.exe executions on IIS (which show
up in apache).

____________________________
jose nazario jose@cwru.edu
                           PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
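
Added example, not part of the original message: instead of dropping every "cmd.exe" line with grep -v, this sketch groups the hits by requested path and counts distinct clients, so requests that do not fit the bulk pattern stay visible. The log lines, the function names and the one-client "review" heuristic are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample lines in Apache error_log style (not from the original post).
sample_log() {
cat <<'EOF'
[Thu Oct 25 14:01:02 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/c/winnt/system32/cmd.exe
[Thu Oct 25 14:01:09 2001] [error] [client 198.51.100.7] File does not exist: /var/www/html/c/winnt/system32/cmd.exe
[Thu Oct 25 14:02:30 2001] [error] [client 203.0.113.5] File does not exist: /var/www/html/c/winnt/system32/cmd.exe
[Thu Oct 25 14:01:03 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/scripts/winnt/system32/cmd.exe
[Thu Oct 25 14:01:10 2001] [error] [client 198.51.100.7] File does not exist: /var/www/html/scripts/winnt/system32/cmd.exe
[Thu Oct 25 14:40:11 2001] [error] [client 203.0.113.99] File does not exist: /var/www/html/example-dir/cmd.exe
[Thu Oct 25 14:40:15 2001] [error] [client 203.0.113.99] File does not exist: /var/www/html/example-dir/cmd.exe
[Thu Oct 25 14:45:00 2001] [error] [client 192.0.2.44] File does not exist: /var/www/html/favicon.ico
EOF
}

# Summarise cmd.exe hits per requested path instead of discarding them.
# Output columns (tab-separated): hits, distinct clients, label, path.
# Label heuristic (an assumption): a path probed by a single client is
# marked "review"; a path probed by several clients is marked "bulk".
cmd_exe_summary() {
    awk '
    /cmd\.exe/ {
        client = "unknown"; path = "unknown"
        i = index($0, "[client ")
        if (i) {
            rest = substr($0, i + 8)
            client = substr(rest, 1, index(rest, "]") - 1)
        }
        j = index($0, "File does not exist: ")
        if (j) path = substr($0, j + 21)
        hits[path]++
        # Count each client once per path.
        if (!((path, client) in seen)) { seen[path, client] = 1; clients[path]++ }
    }
    END {
        for (p in hits)
            printf "%d\t%d\t%s\t%s\n", hits[p], clients[p], (clients[p] == 1 ? "review" : "bulk"), p
    }' "$1" | LC_ALL=C sort -t "$(printf '\t')" -k4
}

# Demo run on the constructed sample.
log=$(mktemp)
sample_log > "$log"
cmd_exe_summary "$log"
rm -f "$log"
```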