Re: Need help to find web server attacks signature

From: Tri Huynh (trihuynh_at_zeeup.com)
Date: 10/24/03

    To: "Maxime Ducharme" <maxime@pandore-design.com>, <incidents@securityfocus.com>
    Date: Fri, 24 Oct 2003 03:27:50 -0700
    
    

    I think it is an automated CGI-scanner. However, it looks like one of your
    ASP files returns ODBC error messages, which I think is not good at all.

    Hope that helps,

    Trihuynh
    Sentryunion
    ----- Original Message -----
    From: "Maxime Ducharme" <maxime@pandore-design.com>
    To: <incidents@securityfocus.com>
    Sent: Wednesday, October 22, 2003 10:43 AM
    Subject: Need help to find web server attacks signature

    >
    > Hi all,
    > I'd need help to identify an attack that happened on one of our
    > customer's web server yesterday. I put the log file here:
    > http://www.pandore-design.com/security/2003-10-21-IIS-attack.txt
    >
    > I see some attacks that seem to be a security scanner tool,
    > and some attacks which target specific pages of the web site
    > (where we begin to see 200 responses from the web server).
    >
    > Does someone recognize a tool / virus / worm in this?
    >
    > Thanks in advance for help
    >
    > ---------------------------------------------------------------
    > Maxime Ducharme
    > Network Administrator, Programmer