RE: Strange scans

From: Bill Royds (lists@royds.net)
Date: 05/27/02


From: "Bill Royds" <lists@royds.net>
To: "Allen Smith" <easmith@beatrice.rutgers.edu>
Date: Sun, 26 May 2002 22:25:06 -0400

Rogers assigns its host names according to the Ethernet address of the computer or router doing the DHCP, preceded by the letters CPE.
So CPE00045adecafc means that the MAC address of the sender was 00:04:5a:de:ca:fc, which is in the IBM assigned MAC address space.

-----Original Message-----
From: Allen Smith [mailto:easmith@beatrice.rutgers.edu]
Sent: Sat May 25 2002 23:04
To: Ed Moyle; Brenna Primrose; incidents@securityfocus.com
Subject: Re: Strange scans

On Apr 15, 3:39pm, Ed Moyle wrote:
> > It's fairly obvious they were looking for IIS and other vulnerabilities,
> > but why does "GET http://www.microsoft.com/ HTTP/1.0" appear in it?
>
> Looks like it is testing to see if you are a proxy server...

Yes. One (from a former @Home host - why am I not surprised...) just checked
out our Apache server and the associated host (anon ftp attempts, for
instance). I checked the originating server myself to see if _it_ was acting
as a HTTP/SOCKS4-5 proxy, actually (via dsbl.org's testing programs - see
http://www.dsbl.org); will see what results I get. The "Broken Pipe" errors
in the below are due to that it's getting fed a large binary file - I do
that to crackers/worms/etcetera I'm able to recognize. I've sent an email to
abuse@rogers.com/domadmin@RCI.ROGERS.COM/domtech@RCI.ROGERS.COM; no non-auto
response as yet.

May 25 21:39:31 2E:cesario ftpd[241467]: twist CPE00045adecafc.cpe.net.cable.rogers.com to /usr/share/sbin/fftpd
May 25 21:39:31 4D:cesario fftpd[241467]: connection from CPE00045adecafc.cpe.net.cable.rogers.com at Sat May 25 21:39:31 2002
May 25 21:39:34 2E:cesario ftpd[237390]: twist CPE00045adecafc.cpe.net.cable.rogers.com to /usr/share/sbin/fftpd
May 25 21:39:34 4D:cesario fftpd[237390]: connection from CPE00045adecafc.cpe.net.cable.rogers.com at Sat May 25 21:39:34 2002
May 25 21:39:35 4D:cesario fftpd[241467]: 241467: 05/25/102 21:39:31 CPE00045adecafc.cpe.net.cable.rogers.com connected, duration 4 seconds
May 25 21:39:36 2E:cesario ftpd[241281]: twist CPE00045adecafc.cpe.net.cable.rogers.com to /usr/share/sbin/fftpd
May 25 21:39:36 2E:cesario ftpd[241389]: twist CPE00045adecafc.cpe.net.cable.rogers.com to /usr/share/sbin/fftpd
May 25 21:39:36 4D:cesario fftpd[241389]: connection from CPE00045adecafc.cpe.net.cable.rogers.com at Sat May 25 21:39:36 2002
May 25 21:39:36 4D:cesario fftpd[241281]: connection from CPE00045adecafc.cpe.net.cable.rogers.com at Sat May 25 21:39:36 2002
May 25 21:39:36 4D:cesario fftpd[241281]: FTP LOGIN REFUSED FROM CPE00045adecafc.cpe.net.cable.rogers.com, unknown
May 25 21:39:36 4D:cesario fftpd[241389]: 241389: 05/25/102 21:39:36 CPE00045adecafc.cpe.net.cable.rogers.com connected, duration 0 seconds
May 25 21:39:36 4D:cesario fftpd[241281]: 241281: 05/25/102 21:39:36 unknown@CPE00045adecafc.cpe.net.cable.rogers.com connected, duration 0 seconds
May 25 21:39:38 4D:cesario fftpd[237390]: 237390: 05/25/102 21:39:34 CPE00045adecafc.cpe.net.cable.rogers.com connected, duration 4 seconds
May 25 21:39:38 2E:cesario ftpd[241941]: twist CPE00045adecafc.cpe.net.cable.rogers.com to /usr/share/sbin/fftpd
May 25 21:39:38 4D:cesario fftpd[241941]: connection from CPE00045adecafc.cpe.net.cable.rogers.com at Sat May 25 21:39:38 2002
May 25 21:39:39 2E:cesario ftpd[242763]: twist CPE00045adecafc.cpe.net.cable.rogers.com to /usr/share/sbin/fftpd
May 25 21:39:39 4D:cesario fftpd[242763]: connection from CPE00045adecafc.cpe.net.cable.rogers.com at Sat May 25 21:39:39 2002
May 25 21:39:39 4D:cesario fftpd[241941]: FTP LOGIN REFUSED FROM CPE00045adecafc.cpe.net.cable.rogers.com, unknown
May 25 21:39:39 4D:cesario fftpd[241941]: 241941: 05/25/102 21:39:38 unknown@CPE00045adecafc.cpe.net.cable.rogers.com connected, duration 1 seconds
May 25 21:39:39 4D:cesario fftpd[242763]: 242763: 05/25/102 21:39:39 CPE00045adecafc.cpe.net.cable.rogers.com connected, duration 0 seconds
May 25 21:39:40 3D:cesario httpd[96927]: [error] [client 24.100.158.35] Invalid method in request ^E^A
May 25 21:39:40 3D:cesario httpd[121042]: [error] [client 24.100.158.35] Invalid method in request ^E^A^B
May 25 21:39:41 3D:cesario httpd[143202]: [error] [client 24.100.158.35] Invalid method in request ^A
May 25 21:39:41 3D:cesario httpd[97156]: [error] [client 24.100.158.35] Invalid method in request ^Z
May 25 21:39:42 2E:cesario ftpd[242320]: twist CPE00045adecafc.cpe.net.cable.rogers.com to /usr/share/sbin/fftpd
May 25 21:39:42 4D:cesario fftpd[242320]: connection from CPE00045adecafc.cpe.net.cable.rogers.com at Sat May 25 21:39:42 2002
May 25 21:39:43 4D:cesario fftpd[242320]: ANONYMOUS FTP LOGIN REFUSED FROM CPE00045adecafc.cpe.net.cable.rogers.com
May 25 21:39:44 4D:cesario fftpd[242320]: 242320: 05/25/102 21:39:42 CPE00045adecafc.cpe.net.cable.rogers.com connected, duration 2 seconds
May 25 21:39:45 3D:cesario httpd[92409]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/invalidfilename.htm
May 25 21:39:45 3D:cesario httpd[142597]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/invalidfilename.cgi
May 25 21:39:46 3D:cesario httpd[142455]: [error] [client 24.100.158.35] Invalid URI in request GET /../invalidfilename.htm HTTP/1.0
May 25 21:39:46 3D:cesario httpd[96923]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/invalidfilename.htm
May 25 21:39:47 3D:cesario httpd[141854]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/invalidfilename.cgi
May 25 21:39:47 3D:cesario httpd[96289]: [error] [client 24.100.158.35] Invalid URI in request GET /../invalidfilename.htm HTTP/1.0
May 25 21:39:48 3D:cesario httpd[140897]: [error] [client 24.100.158.35] Invalid method in request ^E^A
May 25 21:39:48 3D:cesario httpd[227639]: [error] [client 24.100.158.35] Invalid method in request ^E^A^B
May 25 21:39:48 3D:cesario httpd[142633]: [error] [client 24.100.158.35] Invalid method in request ^Z
May 25 21:39:48 3D:cesario httpd[140893]: [error] [client 24.100.158.35] Invalid method in request ^A
May 25 21:39:48 6D:cesario httpd[142412]: [info] [client 24.100.158.35] Spelling fix: /..@/../..@/../sensepost.exe: 2 candidates
May 25 21:39:48 6D:cesario httpd[97118]: [info] [client 24.100.158.35] Spelling fix: /..@/../..@/../sensepost.exe: 2 candidates
May 25 21:39:49 6D:cesario httpd[97268]: [info] [client 24.100.158.35] Spelling fix: /..@/../..@/../cmd1.exe: 2 candidates
May 25 21:39:49 2E:cesario ftpd[226317]: twist CPE00045adecafc.cpe.net.cable.rogers.com to /usr/share/sbin/fftpd
May 25 21:39:49 6D:cesario httpd[141655]: [info] [client 24.100.158.35] Spelling fix: /..@/../..@/../cmd1.exe: 2 candidates
May 25 21:39:49 4D:cesario fftpd[226317]: connection from CPE00045adecafc.cpe.net.cable.rogers.com at Sat May 25 21:39:49 2002
May 25 21:39:50 6D:cesario httpd[96950]: [info] [client 24.100.158.35] Spelling fix: /..@/../..@/../cmd.exe: 2 candidates
May 25 21:39:50 6D:cesario httpd[142413]: [info] [client 24.100.158.35] Spelling fix: /..@/../..@/../cmd.exe: 2 candidates
May 25 21:39:50 4D:cesario fftpd[226317]: ANONYMOUS FTP LOGIN REFUSED FROM CPE00045adecafc.cpe.net.cable.rogers.com
May 25 21:39:50 3D:cesario httpd[95395]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/iisadmpwd/sensepost.exe
May 25 21:39:51 3D:cesario httpd[142592]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/iisadmpwd/sensepost.exe
May 25 21:39:51 3D:cesario httpd[142625]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/iisadmpwd/cmd1.exe
May 25 21:39:51 3D:cesario httpd[142578]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/iisadmpwd/cmd1.exe
May 25 21:39:52 4D:cesario fftpd[226317]: 226317: 05/25/102 21:39:49 CPE00045adecafc.cpe.net.cable.rogers.com connected, duration 3 seconds
May 25 21:39:52 3D:cesario httpd[143240]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/iisadmpwd/cmd.exe
May 25 21:39:53 3D:cesario httpd[178078]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/iisadmpwd/cmd.exe
May 25 21:39:53 3D:cesario httpd[142666]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/invalidfilename.htm
May 25 21:39:53 3D:cesario httpd[97315]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/samples/sensepost.exe
May 25 21:39:54 3D:cesario httpd[97180]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/samples/sensepost.exe
May 25 21:39:54 3D:cesario httpd[143106]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/invalidfilename.cgi
May 25 21:39:54 3D:cesario httpd[96927]: [error] [client 24.100.158.35] Invalid URI in request GET /../invalidfilename.htm HTTP/1.0
May 25 21:39:54 3D:cesario httpd[142980]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/samples/cmd1.exe
May 25 21:39:54 3D:cesario httpd[121042]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/samples/cmd1.exe
May 25 21:39:54 3D:cesario httpd[142395]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/invalidfilename.htm
May 25 21:39:55 3D:cesario httpd[143202]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/samples/cmd.exe
May 25 21:39:55 3D:cesario httpd[97156]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/invalidfilename.cgi
May 25 21:39:55 3D:cesario httpd[142554]: [error] [client 24.100.158.35] Invalid URI in request GET /../invalidfilename.htm HTTP/1.0
May 25 21:39:55 3D:cesario httpd[96892]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/samples/cmd.exe
May 25 21:39:56 6D:cesario httpd[142597]: [info] [client 24.100.158.35] Spelling fix: /..@/../..@/../sensepost.exe: 2 candidates
May 25 21:39:56 3D:cesario httpd[92409]: [error] [client 24.100.158.35] client denied by server configuration: /usr/local/apache/cgi-bin/sensepost.exe
May 25 21:39:56 3D:cesario httpd[96923]: [error] [client 24.100.158.35] client denied by server configuration: /usr/local/apache/cgi-bin/sensepost.exe
May 25 21:39:56 6D:cesario httpd[142455]: [info] [client 24.100.158.35] Spelling fix: /..@/../..@/../sensepost.exe: 2 candidates
May 25 21:39:57 3D:cesario httpd[141854]: [error] [client 24.100.158.35] client denied by server configuration: /usr/local/apache/cgi-bin/cmd1.exe
May 25 21:39:57 6D:cesario httpd[96289]: [info] [client 24.100.158.35] Spelling fix: /..@/../..@/../cmd1.exe: 2 candidates
May 25 21:39:57 3D:cesario httpd[140897]: [error] [client 24.100.158.35] client denied by server configuration: /usr/local/apache/cgi-bin/cmd1.exe
May 25 21:39:57 6D:cesario httpd[227639]: [info] [client 24.100.158.35] Spelling fix: /..@/../..@/../cmd1.exe: 2 candidates
May 25 21:39:57 3D:cesario httpd[142633]: [error] [client 24.100.158.35] client denied by server configuration: /usr/local/apache/cgi-bin/cmd.exe
May 25 21:39:58 6D:cesario httpd[140893]: [info] [client 24.100.158.35] Spelling fix: /..@/../..@/../cmd.exe: 2 candidates
May 25 21:39:58 3D:cesario httpd[142412]: [error] [client 24.100.158.35] client denied by server configuration: /usr/local/apache/cgi-bin/cmd.exe
May 25 21:39:58 6D:cesario httpd[97118]: [info] [client 24.100.158.35] Spelling fix: /..@/../..@/../cmd.exe: 2 candidates
May 25 21:39:58 3D:cesario httpd[97268]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/vti_cnf/sensepost.exe
May 25 21:39:59 3D:cesario httpd[141655]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/iisadmpwd/sensepost.exe
May 25 21:39:59 3D:cesario httpd[96950]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/vti_cnf/sensepost.exe
May 25 21:39:59 3D:cesario httpd[142413]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/iisadmpwd/sensepost.exe
May 25 21:39:59 3D:cesario httpd[95395]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/vti_cnf/cmd1.exe
May 25 21:39:59 3D:cesario httpd[142592]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/iisadmpwd/cmd1.exe
May 25 21:40:00 3D:cesario httpd[142625]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/vti_cnf/cmd1.exe
May 25 21:40:00 3D:cesario httpd[142578]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/iisadmpwd/cmd1.exe
May 25 21:40:00 3D:cesario httpd[143240]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/vti_cnf/cmd.exe
May 25 21:40:00 3D:cesario httpd[96988]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/iisadmpwd/cmd.exe
May 25 21:40:01 3D:cesario httpd[142059]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/vti_cnf/cmd.exe
May 25 21:40:01 3D:cesario httpd[178078]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/iisadmpwd/cmd.exe
May 25 21:40:01 3D:cesario httpd[142666]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/vti_bin/sensepost.exe
May 25 21:40:01 3D:cesario httpd[97315]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/samples/sensepost.exe
May 25 21:40:02 3D:cesario httpd[97180]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/vti_bin/sensepost.exe
May 25 21:40:03 3D:cesario httpd[143106]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/vti_bin/cmd1.exe
May 25 21:40:03 3D:cesario httpd[96927]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/vti_bin/cmd1.exe
May 25 21:40:04 3D:cesario httpd[142980]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/vti_bin/cmd.exe
May 25 21:40:04 3D:cesario httpd[121042]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/vti_bin/cmd.exe
May 25 21:40:05 3D:cesario httpd[143202]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/samples/sensepost.exe
May 25 21:40:05 6D:cesario httpd[142395]: [info] [client 24.100.158.35] (32)Broken pipe: client stopped connection before send body completed
May 25 21:40:06 3D:cesario httpd[142554]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/samples/cmd1.exe
May 25 21:40:06 6D:cesario httpd[97156]: [info] [client 24.100.158.35] (32)Broken pipe: client stopped connection before send body completed
May 25 21:40:07 6D:cesario httpd[96892]: [info] [client 24.100.158.35] (32)Broken pipe: client stopped connection before send body completed
May 25 21:40:08 6D:cesario httpd[142597]: [info] [client 24.100.158.35] (32)Broken pipe: client stopped connection before send body completed
May 25 21:40:09 6D:cesario httpd[92409]: [info] [client 24.100.158.35] (32)Broken pipe: client stopped connection before send body completed
May 25 21:40:09 3D:cesario httpd[142455]: [error] [client 24.100.158.35] File does not exist: /usr/local/apache/htdocs/samples/cmd1.exe
May 25 21:40:10 6D:cesario httpd[96923]: [info] [client 24.100.158.35] (32)Broken pipe: client stopped connection before send body completed

cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:35 -0400] "GET / HTTP/1.0" 200 4180 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/index.html" "/" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:35 -0400] "GET http://www.microsoft.com/ HTTP/1.0" 200 4180 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/index.html" "/" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:39 -0400] "GET / HTTP/1.0" 200 4180 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/index.html" "/" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:40 -0400] "" 501 - "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/index.html" "/" "" "HTTP/0.9"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:40 -0400] "" 501 - "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/index.html" "/" "" "HTTP/0.9"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:40 -0400] "GET http://www.microsoft.com/ HTTP/1.0" 200 4180 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/index.html" "/" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:41 -0400] "" 501 - "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/index.html" "/" "" "HTTP/0.9"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:41 -0400] "" 501 - "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/index.html" "/" "" "HTTP/0.9"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:44 -0400] "HEAD / HTTP/1.0" 200 0 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/index.html" "/" "HEAD" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:45 -0400] "OPTIONS / HTTP/1.0" 200 - "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/index.html" "/" "OPTIONS" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:45 -0400] "GET /invalidfilename.htm HTTP/1.0" 404 339 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/invalidfilename.htm" "/invalidfilename.htm" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:45 -0400] "GET /invalidfilename.cgi HTTP/1.0" 404 339 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/invalidfilename.cgi" "/invalidfilename.cgi" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:46 -0400] "GET /invalidfilename.htm HTTP/1.0" 404 339 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/invalidfilename.htm" "/invalidfilename.htm" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:47 -0400] "GET /invalidfilename.cgi HTTP/1.0" 404 339 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/invalidfilename.cgi" "/invalidfilename.cgi" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:48 -0400] "" 501 - "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/index.html" "/" "" "HTTP/0.9"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:48 -0400] "" 501 - "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/index.html" "/" "" "HTTP/0.9"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:48 -0400] "" 501 - "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/index.html" "/" "" "HTTP/0.9"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:48 -0400] "" 501 - "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/index.html" "/" "" "HTTP/0.9"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:50 -0400] "GET /iisadmpwd/sensepost.exe?/c+dir HTTP/1.0" 404 343 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/iisadmpwd" "/iisadmpwd/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:51 -0400] "GET /iisadmpwd/sensepost.exe?/c+dir HTTP/1.0" 404 343 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/iisadmpwd" "/iisadmpwd/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:51 -0400] "GET /iisadmpwd/cmd1.exe?/c+dir HTTP/1.0" 404 338 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/iisadmpwd" "/iisadmpwd/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:51 -0400] "GET /iisadmpwd/cmd1.exe?/c+dir HTTP/1.0" 404 338 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/iisadmpwd" "/iisadmpwd/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:52 -0400] "GET /iisadmpwd/cmd.exe?/c+dir HTTP/1.0" 404 337 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/iisadmpwd" "/iisadmpwd/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:52 -0400] "HEAD / HTTP/1.0" 200 0 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/index.html" "/" "HEAD" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:53 -0400] "OPTIONS / HTTP/1.0" 200 - "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/index.html" "/" "OPTIONS" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:53 -0400] "GET /iisadmpwd/cmd.exe?/c+dir HTTP/1.0" 404 337 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/iisadmpwd" "/iisadmpwd/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:53 -0400] "GET /invalidfilename.htm HTTP/1.0" 404 339 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/invalidfilename.htm" "/invalidfilename.htm" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:53 -0400] "GET /samples/sensepost.exe?/c+dir HTTP/1.0" 404 341 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/samples" "/samples/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:54 -0400] "GET /samples/sensepost.exe?/c+dir HTTP/1.0" 404 341 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/samples" "/samples/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:54 -0400] "GET /invalidfilename.cgi HTTP/1.0" 404 339 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/invalidfilename.cgi" "/invalidfilename.cgi" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:54 -0400] "GET /samples/cmd1.exe?/c+dir HTTP/1.0" 404 336 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/samples" "/samples/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:54 -0400] "GET /samples/cmd1.exe?/c+dir HTTP/1.0" 404 336 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/samples" "/samples/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:54 -0400] "GET /invalidfilename.htm HTTP/1.0" 404 339 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/invalidfilename.htm" "/invalidfilename.htm" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:55 -0400] "GET /samples/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/samples" "/samples/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:55 -0400] "GET /invalidfilename.cgi HTTP/1.0" 404 339 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/invalidfilename.cgi" "/invalidfilename.cgi" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:55 -0400] "GET /samples/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/samples" "/samples/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:58 -0400] "GET /vti_cnf/sensepost.exe?/c+dir HTTP/1.0" 404 341 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_cnf" "/vti_cnf/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:59 -0400] "GET /iisadmpwd/sensepost.exe?/c+dir HTTP/1.0" 404 343 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/iisadmpwd" "/iisadmpwd/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:59 -0400] "GET /vti_cnf/sensepost.exe?/c+dir HTTP/1.0" 404 341 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_cnf" "/vti_cnf/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:59 -0400] "GET /iisadmpwd/sensepost.exe?/c+dir HTTP/1.0" 404 343 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/iisadmpwd" "/iisadmpwd/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:59 -0400] "GET /vti_cnf/cmd1.exe?/c+dir HTTP/1.0" 404 336 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_cnf" "/vti_cnf/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:39:59 -0400] "GET /iisadmpwd/cmd1.exe?/c+dir HTTP/1.0" 404 338 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/iisadmpwd" "/iisadmpwd/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:00 -0400] "GET /vti_cnf/cmd1.exe?/c+dir HTTP/1.0" 404 336 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_cnf" "/vti_cnf/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:00 -0400] "GET /iisadmpwd/cmd1.exe?/c+dir HTTP/1.0" 404 338 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/iisadmpwd" "/iisadmpwd/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:00 -0400] "GET /vti_cnf/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_cnf" "/vti_cnf/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:00 -0400] "GET /iisadmpwd/cmd.exe?/c+dir HTTP/1.0" 404 337 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/iisadmpwd" "/iisadmpwd/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:01 -0400] "GET /vti_cnf/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_cnf" "/vti_cnf/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:01 -0400] "GET /iisadmpwd/cmd.exe?/c+dir HTTP/1.0" 404 337 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/iisadmpwd" "/iisadmpwd/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:01 -0400] "GET /vti_bin/sensepost.exe?/c+dir HTTP/1.0" 404 341 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_bin" "/vti_bin/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:01 -0400] "GET /samples/sensepost.exe?/c+dir HTTP/1.0" 404 341 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/samples" "/samples/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:02 -0400] "GET /vti_bin/sensepost.exe?/c+dir HTTP/1.0" 404 341 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_bin" "/vti_bin/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:03 -0400] "GET /vti_bin/cmd1.exe?/c+dir HTTP/1.0" 404 336 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_bin" "/vti_bin/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:03 -0400] "GET /vti_bin/cmd1.exe?/c+dir HTTP/1.0" 404 336 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_bin" "/vti_bin/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:04 -0400] "GET /vti_bin/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_bin" "/vti_bin/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:04 -0400] "GET /vti_bin/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_bin" "/vti_bin/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:05 -0400] "GET /samples/sensepost.exe?/c+dir HTTP/1.0" 404 341 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/samples" "/samples/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:06 -0400] "GET /samples/cmd1.exe?/c+dir HTTP/1.0" 404 336 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/samples" "/samples/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:09 -0400] "GET /samples/cmd1.exe?/c+dir HTTP/1.0" 404 336 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/samples" "/samples/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:10 -0400] "GET /samples/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/samples" "/samples/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:10 -0400] "GET /sensepost.exe?/c+dir HTTP/1.0" 404 333 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/sensepost.exe" "/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:11 -0400] "GET /samples/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/samples" "/samples/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:11 -0400] "GET /sensepost.exe?/c+dir HTTP/1.0" 404 333 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/sensepost.exe" "/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:12 -0400] "GET /cmd1.exe?/c+dir HTTP/1.0" 404 328 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/cmd1.exe" "/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:12 -0400] "GET /cmd1.exe?/c+dir HTTP/1.0" 404 328 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/cmd1.exe" "/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:13 -0400] "GET /cmd.exe?/c+dir HTTP/1.0" 404 327 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/cmd.exe" "/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:13 -0400] "GET /cmd.exe?/c+dir HTTP/1.0" 404 327 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/cmd.exe" "/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:16 -0400] "GET /vti_cnf/sensepost.exe?/c+dir HTTP/1.0" 404 341 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_cnf" "/vti_cnf/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:16 -0400] "GET /vti_cnf/sensepost.exe?/c+dir HTTP/1.0" 404 341 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_cnf" "/vti_cnf/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:17 -0400] "GET /vti_cnf/cmd1.exe?/c+dir HTTP/1.0" 404 336 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_cnf" "/vti_cnf/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:17 -0400] "GET /vti_cnf/cmd1.exe?/c+dir HTTP/1.0" 404 336 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_cnf" "/vti_cnf/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:19 -0400] "GET /vti_cnf/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_cnf" "/vti_cnf/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:19 -0400] "GET /vti_cnf/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_cnf" "/vti_cnf/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:20 -0400] "GET /vti_bin/sensepost.exe?/c+dir HTTP/1.0" 404 341 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_bin" "/vti_bin/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:21 -0400] "GET /vti_bin/sensepost.exe?/c+dir HTTP/1.0" 404 341 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_bin" "/vti_bin/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:21 -0400] "GET /vti_bin/cmd1.exe?/c+dir HTTP/1.0" 404 336 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_bin" "/vti_bin/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:22 -0400] "GET /vti_bin/cmd1.exe?/c+dir HTTP/1.0" 404 336 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_bin" "/vti_bin/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:22 -0400] "GET /vti_bin/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_bin" "/vti_bin/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:23 -0400] "GET /vti_bin/cmd.exe?/c+dir HTTP/1.0" 404 335 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_bin" "/vti_bin/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:30 -0400] "GET /sensepost.exe?/c+dir HTTP/1.0" 404 333 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/sensepost.exe" "/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:31 -0400] "GET /sensepost.exe?/c+dir HTTP/1.0" 404 333 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/sensepost.exe" "/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:32 -0400] "GET /cmd1.exe?/c+dir HTTP/1.0" 404 328 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/cmd1.exe" "/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:32 -0400] "GET /cmd1.exe?/c+dir HTTP/1.0" 404 328 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/cmd1.exe" "/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:33 -0400] "GET /cmd.exe?/c+dir HTTP/1.0" 404 327 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/cmd.exe" "/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:34 -0400] "GET /cmd.exe?/c+dir HTTP/1.0" 404 327 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/cmd.exe" "/cmd.exe" "GET" "HTTP/1.0"

cpe00045adecafc.cpe.net.cable.rogers.com unknown - [25/May/2002:21:40:06 -0400] "GET /msadc/sensepost.exe?/c+dir HTTP/1.0" 200 65536 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/scripts/zero" "/msadc/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com unknown - [25/May/2002:21:40:07 -0400] "GET /msadc/cmd.exe?/c+dir HTTP/1.0" 200 65536 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/scripts/zero" "/msadc/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com unknown - [25/May/2002:21:40:08 -0400] "GET /scripts/sensepost.exe?/c+dir HTTP/1.0" 200 65536 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/scripts/zero" "/scripts/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com unknown - [25/May/2002:21:40:09 -0400] "GET /scripts/cmd1.exe?/c+dir HTTP/1.0" 200 65536 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/scripts/zero" "/scripts/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com unknown - [25/May/2002:21:40:10 -0400] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 200 65536 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/scripts/zero" "/scripts/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com unknown - [25/May/2002:21:40:12 -0400] "GET /msadc/cmd1.exe?/c+dir HTTP/1.0" 200 65536 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/scripts/zero" "/msadc/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com unknown - [25/May/2002:21:40:25 -0400] "GET /msadc/sensepost.exe?/c+dir HTTP/1.0" 200 65536 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/scripts/zero" "/msadc/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com unknown - [25/May/2002:21:40:26 -0400] "GET /msadc/cmd1.exe?/c+dir HTTP/1.0" 200 65536 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/scripts/zero" "/msadc/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com unknown - [25/May/2002:21:40:27 -0400] "GET /msadc/cmd.exe?/c+dir HTTP/1.0" 200 65536 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/scripts/zero" "/msadc/cmd.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com unknown - [25/May/2002:21:40:28 -0400] "GET /scripts/sensepost.exe?/c+dir HTTP/1.0" 200 65536 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/scripts/zero" "/scripts/sensepost.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com unknown - [25/May/2002:21:40:29 -0400] "GET /scripts/cmd1.exe?/c+dir HTTP/1.0" 200 65536 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/scripts/zero" "/scripts/cmd1.exe" "GET" "HTTP/1.0"
cpe00045adecafc.cpe.net.cable.rogers.com unknown - [25/May/2002:21:40:30 -0400] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 200 65536 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/scripts/zero" "/scripts/cmd.exe" "GET" "HTTP/1.0"

-- 
Allen Smith			http://cesario.rutgers.edu/easmith/
September 11, 2001		A Day That Shall Live In Infamy II
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." - Benjamin Franklin

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
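Added example, not part of the original thread: a small parser for the extended access-log lines quoted above. It flags the `*.exe?/c+dir` command-shell probes per source IP, decodes the MAC from a `CPE` hostname as described in the reply, and records which file the server mapped any 200 response to. The field layout is inferred from the quoted lines and the function names are hypothetical; the first three sample lines are copied from the excerpt and the fourth is constructed.

```python
import re
from collections import defaultdict

# Field layout inferred from the quoted lines (an assumption, not a documented format).
LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*" \[(?P<ip>[^\]]+)\] "(?P<file>[^"]*)"')
# A request for some .exe with a "?/c+..." query: a Windows command-shell probe.
PROBE = re.compile(r'^GET \S*/(?P<exe>[\w.-]+\.exe)\?/c\+', re.I)
CPE = re.compile(r'^cpe([0-9a-f]{12})\.', re.I)

def cpe_mac(host):
    """Return the MAC encoded in a CPE<12 hex digits> hostname, or None."""
    m = CPE.match(host)
    if not m:
        return None
    digits = m.group(1).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def summarize(lines):
    """Group command-shell probes by source IP; unparsable lines are skipped."""
    out = defaultdict(lambda: {"mac": None, "probes": 0, "exes": set(), "served": set()})
    for line in lines:
        rec = LINE.match(line)
        hit = PROBE.match(rec["req"]) if rec else None
        if not hit:
            continue
        entry = out[rec["ip"]]
        entry["mac"] = cpe_mac(rec["host"])
        entry["probes"] += 1
        entry["exes"].add(hit["exe"].lower())
        if rec["status"] == "200":  # the server answered with a file: record which one
            entry["served"].add(rec["file"])
    return dict(out)

SAMPLE = [  # first three lines copied from the excerpt above; the last is constructed
    'cpe00045adecafc.cpe.net.cable.rogers.com - - [25/May/2002:21:40:17 -0400] "GET /vti_cnf/cmd1.exe?/c+dir HTTP/1.0" 404 336 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/vti_cnf" "/vti_cnf/cmd1.exe" "GET" "HTTP/1.0"',
    'cpe00045adecafc.cpe.net.cable.rogers.com unknown - [25/May/2002:21:40:06 -0400] "GET /msadc/sensepost.exe?/c+dir HTTP/1.0" 200 65536 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/scripts/zero" "/msadc/sensepost.exe" "GET" "HTTP/1.0"',
    'cpe00045adecafc.cpe.net.cable.rogers.com unknown - [25/May/2002:21:40:10 -0400] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 200 65536 "-" "-" [24.100.158.35] "/usr/local/apache/htdocs/scripts/zero" "/scripts/cmd.exe" "GET" "HTTP/1.0"',
    'host.example.net - - [25/May/2002:21:41:00 -0400] "GET /index.html HTTP/1.0" 200 1024 "-" "-" [192.0.2.10] "/usr/local/apache/htdocs/index.html" "/index.html" "GET" "HTTP/1.0"',
]

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info["mac"], info["probes"], sorted(info["exes"]), sorted(info["served"]))
```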



