Re: CMD.exe
From: Don Kelloway (dkelloway@commodon.com)
Date: 11/30/02
From: "Don Kelloway" <dkelloway@commodon.com>
Date: Fri, 29 Nov 2002 23:23:34 GMT
Lee,
It would appear that your logs reflect various attempts to see if your
system is susceptible to being compromised via directory traversal. If
you've applied all the latest patches and implemented Microsoft's URLScan,
you can ensure that your system is not vulnerable to these or any other
exploits such as NIMDA, CodeRed, CodeRed II or the lesser known CodeBlue.
--
Best Regards,
Don Kelloway
Commodon Communications
http://www.commodon.com

Visit http://www.commodon.com to learn about Back Orifice, NetBus,
SubSeven, etc. All of which are "Threats to Your Security on the
Internet".

"Lee" <lee3925@hotmail.com> wrote in message
news:184dab8c.0211271144.abce373@posting.google.com...
> 24.130.88.22 - - [26/Nov/2002:14:46:46 +1133] "GET
> /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 144
> 24.159.70.125 - - [26/Nov/2002:14:51:27 +1133] "GET
> /scripts/root.exe?/c+dir HTTP/1.0" 302 144
> 24.159.70.125 - - [26/Nov/2002:14:51:27 +1133] "GET
> /MSADC/root.exe?/c+dir HTTP/1.0" 302 144
> 24.159.70.125 - - [26/Nov/2002:14:51:28 +1133] "GET
> /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 144
> 24.159.70.125 - - [26/Nov/2002:14:51:28 +1133] "GET
> /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 144
> 24.159.70.125 - - [26/Nov/2002:14:51:29 +1133] "GET
> /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 144
> 24.159.70.125 - - [26/Nov/2002:14:51:29 +1133] "GET
> /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 302 144
> 24.159.70.125 - - [26/Nov/2002:14:51:30 +1133] "GET
> /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 302 144
> 24.159.70.125 - - [26/Nov/2002:14:51:33 +1133] "GET
> /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 302 144
>
> ------------
>
> I am having this file trying to be obtained from my webserver
> constantly. I have run tests on my computer for both nimda and CodeRed
> and both have resulted negative. I also have downloaded the IIS patch
> from Microsoft and the problems still exist. Any ideas? I am running
> a webserver on Windows XP. Any/All help is appreciated.
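The probes in the quoted log, run through a small detection script added here as an example (it is not part of either post): it percent-decodes each request path until stable, flags traversal sequences, double encoding, invalid UTF-8 lead bytes and `cmd.exe`/`root.exe` targets, and separates out any flagged probe the server answered with 200. Three log lines are taken from the quoted post with wrapped lines rejoined; the `192.0.2.10` line and all function and flag names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Three request lines from the log quoted above (wrapped lines rejoined),
# plus one constructed benign request (192.0.2.10) for contrast.
SAMPLE_LOG = r'''24.130.88.22 - - [26/Nov/2002:14:46:46 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 144
24.159.70.125 - - [26/Nov/2002:14:51:27 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 144
24.159.70.125 - - [26/Nov/2002:14:51:33 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 144
192.0.2.10 - - [26/Nov/2002:14:52:00 +1133] "GET /index.html HTTP/1.0" 200 512'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})\b')

def decode_fully(path, max_rounds=5):
    """Percent-decode until stable; return (decoded path, rounds that changed it)."""
    for rounds in range(max_rounds):
        nxt = unquote(path, encoding="latin-1")
        if nxt == path:
            return path, rounds
        path = nxt
    return path, max_rounds

def classify(line):
    """Return (client, status, flags) for one access-log line, or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, target, status = m.group(1), m.group(2), int(m.group(3))
    path = target.split("?", 1)[0]
    decoded, rounds = decode_fully(path)
    flags = set()
    if rounds >= 2:
        flags.add("double-encoded")      # e.g. %255c -> %5c -> backslash
    if re.search(r"\.\.[\\/]", decoded):
        flags.add("traversal")
    if "\xc0" in decoded or "\xc1" in decoded:
        flags.add("invalid-utf8")        # bytes 0xC0/0xC1 never occur in valid UTF-8
    if re.search(r"(?:cmd|root)\.exe$", decoded, re.I):
        flags.add("shell-binary")
    return client, status, sorted(flags)

def review(log):
    """Classify every line; also list flagged probes the server answered with 200."""
    rows = [r for r in map(classify, log.splitlines()) if r]
    probes = [r for r in rows if r[2]]
    return probes, [r for r in probes if r[1] == 200]

if __name__ == "__main__":
    for client, status, flags in review(SAMPLE_LOG)[0]:
        print(client, status, ",".join(flags))
```

On the sample, all three probes are flagged and none was answered with 200, matching the 302 responses in the quoted log.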