Need help to find web server attacks signature

From: Maxime Ducharme (maxime_at_pandore-design.com)
Date: 10/22/03

    To: <incidents@securityfocus.com>
    Date: Wed, 22 Oct 2003 13:43:13 -0400
    
    

    Hi all,
    I'd need help to identify an attack that happened on one of our
    customer's web servers yesterday. I put the log file here:
    http://www.pandore-design.com/security/2003-10-21-IIS-attack.txt

    I see some attacks that seem to come from a security scanner tool,
    and some attacks which target specific pages of the web site
    (where we begin to see 200 responses from the web server).

    Does anyone recognize a tool / virus / worm in this?

    Thanks in advance for your help

    ---------------------------------------------------------------
      Maxime Ducharme
      Network Administrator, Programmer


