FW: Anyone know this scan/tool?

From: McCammon, Keith (Keith.McCammon@eadvancemed.com)
Date: 07/29/02 

Date: Mon, 29 Jul 2002 16:53:45 -0400
From: "McCammon, Keith" <Keith.McCammon@eadvancemed.com>
To: <focus-ms@securityfocus.com>

Damned Mondays. Typing faster than I'm thinking...

And by vulns I am referring to the FP exploits related to owssrv.dll, not necessarily these strings. The strings themselves don't appear malicious, although they could be a very lame recon method (again, doubtful).

Probably a fluke.

-----Original Message-----
From: McCammon, Keith
Sent: Monday, July 29, 2002 4:47 PM
To: 'Mason, Samuel'; focus-ms@securityfocus.com
Subject: RE: Anyone know this scan/tool?

Not sure that it's any mainstream tool, although any number of tools could do this. The timestamps are interesting. The first looks slow enough that it could have been checked manually. Could be a crude script of some sort.

As far as the vulnerabilities are concerned, they're no big secret, and have been around for some time...

Cheers

Keith

> -----Original Message-----
> From: Mason, Samuel [mailto:smason@state.mt.us]
> Sent: Monday, July 29, 2002 1:53 PM
> To: focus-ms@securityfocus.com
> Subject: Anyone know this scan/tool?
>
>
> I had a question regarding a scan on a webserver. This scan
> came from two
> different places and was short. They were looking for the
> same two files as
> you can see:
>
> [Fri Jul 26 12:37:14 2002] [error] [client 216.220.27.240]
> File does not
> exist: /usr/HTTPServer/htdocs/en_US/_vti_bin/owssvr.dll
> [Fri Jul 26 12:37:24 2002] [error] [client 216.220.27.240]
> File does not
> exist: /usr/HTTPServer/htdocs/en_US/MSOffice/cltreq.asp
>
> [Sat Jul 27 18:52:22 2002] [error] [client 209.158.158.201]
> File does not
> exist: /usr/HTTPServer/htdocs/en_US/_vti_bin/owssvr.dll
> [Sat Jul 27 18:52:22 2002] [error] [client 209.158.158.201]
> File does not
> exist: /usr/HTTPServer/htdocs/en_US/MSOffice/cltreq.asp
>
> I did a Google search on the scan path with no results.
> Thanks for any help!
>
> Regards,
>
> Samuel Mason
> Information Security
> State of Montana
>
>

Relevant Pages

  • Re: Null terminated strings: bad or good?
    ... Or are you referring to changing the ... underlying implementation of strings to counted strings? ... Language change with change to underlying implementation (e.g. ...
    (comp.lang.c)
  • Re: soc.men: The Gold List
    ... Andre is a creepy psychopath. ... pedigree on this group. ... strings break." ... I wasn't referring to the person, ...
    (soc.men)
  • Re: "==" operator mysteries
    ... >I'd assume it's referring to the memory address of those two strings, ... >what am I missing? ...
    (comp.lang.java.help)
  • Re: Why? [was Re: Cantor`s powerset theorem is false?]
    ... What strings of symbols? ... then well formed formulas (certain strings of ... infinite numbers and there exist infinitely long proofs ... Or you're referring to some kind of system than those that are referred ...
    (sci.logic)