Re: Need help to find web server attacks signature
From: Fatih Ozavci (holden_at_siyahsapka.com)
Date: 10/23/03
- Previous message: Brian Collins: "Re: Bogus DNS traffic"
- In reply to: Muhammad Naseer: "Re: Need help to find web server attacks signature"
- Next in thread: David Gillett: "Bogus DNS traffic"
To: Incidents <incidents@securityfocus.com>
Date: 23 Oct 2003 11:38:19 +0000
Maybe the attacker used a cgi scanner like whisker or nikto. This log
contains some well-known vulnerable CGIs, misconfigured admin pages
and vulnerable php applications.
I don't think it's Retina. Retina can scan only some well-known
vulnerabilities or buffer overflows and is focused on Windows applications.
But I found some cgi applications for *nix in this log. I think it's a
cgi scanner.
--
Fatih Ozavci
IT Security Consultant

On Wed, 2003-10-22 at 19:23, Muhammad Naseer wrote:
> Sounds to be Retina using CHM for HTTP.
>
> Naseer
>
> ----- Original Message -----
> From: "Maxime Ducharme" <maxime@pandore-design.com>
> To: <incidents@securityfocus.com>
> Sent: Wednesday, October 22, 2003 10:43 PM
> Subject: Need help to find web server attacks signature
>
> > Hi all,
> > I'd need help to identify an attack that happened on one of our
> > customer's web server yesterday, I put the log file here:
> > http://www.pandore-design.com/security/2003-10-21-IIS-attack.txt
> >
> > I see some attacks that seem to be a security scanner tool,
> > and some attacks which target specific pages of the web site
> > (where we begin to see 200 responses from the web server).
> >
> > Someone recognize a tool / virus / worm in this ?
> >
> > Thanks in advance for help
> >
> > ---------------------------------------------------------------
> > Maxime Ducharme
> > Network Administrator, Programmer
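The reasoning in the reply above (probes for *nix CGI and PHP pages against an IIS server point to a generic CGI scanner) can be turned into a log triage check. The following is an added example, not part of the original thread; the sample log lines, field layout, path hints and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended format (not the log linked in the thread).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-10-21 14:02:01 192.0.2.10 GET /cgi-bin/test.cgi 404
2003-10-21 14:02:01 192.0.2.10 GET /cgi-bin/guestbook.pl 404
2003-10-21 14:02:02 192.0.2.10 GET /admin/ 404
2003-10-21 14:02:02 192.0.2.10 GET /phpinfo.php 404
2003-10-21 14:02:03 192.0.2.10 GET /scripts/admin.asp 404
2003-10-21 14:02:03 192.0.2.10 GET /default.asp 200
2003-10-21 14:05:10 198.51.100.7 GET /default.asp 200
2003-10-21 14:05:12 198.51.100.7 GET /images/logo.gif 200
"""

# Assumed heuristic: path fragments an IIS site without Perl or PHP would not serve.
FOREIGN_HINTS = ("/cgi-bin/", ".pl", ".php", ".cgi")

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def scanner_suspects(text, min_requests=5, min_404_ratio=0.7, min_foreign=2):
    """Return {client_ip: stats} for clients whose traffic looks like a CGI scanner."""
    per_ip = defaultdict(lambda: {"total": 0, "not_found": 0, "foreign": set()})
    for req in parse_w3c(text):
        stats = per_ip[req["c-ip"]]
        stats["total"] += 1
        stats["not_found"] += req["sc-status"] == "404"
        path = req["cs-uri-stem"].lower()
        if any(hint in path for hint in FOREIGN_HINTS):
            stats["foreign"].add(path)  # platform-mismatched probe
    return {
        ip: s for ip, s in per_ip.items()
        if s["total"] >= min_requests
        and s["not_found"] / s["total"] >= min_404_ratio
        and len(s["foreign"]) >= min_foreign
    }

if __name__ == "__main__":
    for ip, s in scanner_suspects(SAMPLE_LOG).items():
        print(ip, s["total"], s["not_found"], sorted(s["foreign"]))
```

Requests from a flagged client that return 200 are the ones to review first, since they mark pages the scan actually reached.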