RE: Strange IIS Pattern...

From: Mark L. Jackson (codewizard@lvcm.com)
Date: 06/05/02


From: "Mark L. Jackson" <codewizard@lvcm.com>
To: "Antonio Stano" <astano@tele-servizi.com>, <incidents@securityfocus.com>
Date: Wed, 5 Jun 2002 12:00:22 -0700

Off the top of my head I believe that is a Dreamweaver extension. It is
probably integrated into Coldfusion by now. I am guessing this is part of
the new MX package.

Hope that helps.

Mark

> Found on a 2000 box, not compromised thousand of entries with different
> source ip...
> no reference anywhere for this type of attack..
> what do you think?
>
>
> 2002-06-04 15:15:48 xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx 80 GET
> /mmres:/mmres:/mmres:/mmres:/mmres:/mmres:/mmres:/mmres:/mmres:/mm
> res:/mmres
> :/mmres:/mmres:/mmres:/mmres:/mmres:/mmres:/mmres:/mmres:/mmres:/m
> mres:/mmre
> s:/mmres:/mmres:/mmres:/mmres:/mmres:/user_interface_small.css - 404
> Mozilla/4.08+[en]+(Win95;+I+;Nav)
>
> Antonio Stano
> http://www.securityinfos.com
>
>
>
> ------------------------------------------------------------------
> ----------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • RE: Malicious web sites
    ... > This list is provided by the SecurityFocus ARIS analyzer service. ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • Re: [incident] IIS defacement through FTP, possible DoS
    ... > This list is provided by the SecurityFocus ARIS analyzer service. ... > For more information on this free incident handling, management ... > and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • RE: Distributed ICMP/UDP scan or attack?
    ... This list is provided by the SecurityFocus ARIS analyzer service. ... and tracking system please see: http://aris.securityfocus.com ... For more information on this free incident handling, management ...
    (Incidents)
  • Re: strange attacks - flood udp packets from 1030 to msql
    ... > This list is provided by the SecurityFocus ARIS analyzer service. ... For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ...
    (Incidents)
  • RE: Can anyone identify this backdoor?
    ... > and tracking system please see: http://aris.securityfocus.com ... This list is provided by the SecurityFocus ARIS analyzer service. ... For more information on this free incident handling, management ...
    (Incidents)