Date: Fri, 22 Feb 2002 07:37:04 -0800 (PST)
From: Tim Erlin <tperlin@yahoo.com>
To: Jim Freeze <jfreeze@freebsdportal.com>, freebsd-questions@freebsd.org
Subject: Re: Script Kiddies Trying to Hack Me?
Message-ID: <20020222153704.5969.qmail@web11705.mail.yahoo.com>
In-Reply-To: <20020222102602.A14033@freebsdportal.com>

You're right that it's an attempted hack. Welcome to the world of Nimda (and other such worms). It's probably an unwitting DSL user, not a malicious hacker, though the difference is so nebulous these days...

--Tim

--- Jim Freeze <jfreeze@freebsdportal.com> wrote:
> Hi:
>
> I was just browsing my log files on a site/ip
> address that has
> been live less than 12 hrs and came across:
>
> 63.219.136.226 - - [22/Feb/2002:09:29:18 -0500] "GET
> /scripts/root.exe?/c+dir HTTP/1.0" 404 285
> 63.219.136.226 - - [22/Feb/2002:09:29:18 -0500] "GET
> /MSADC/root.exe?/c+dir HTTP/1.0" 404 283
> 63.219.136.226 - - [22/Feb/2002:09:29:19 -0500] "GET
> /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293
> 63.219.136.226 - - [22/Feb/2002:09:29:19 -0500] "GET
> /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293
> 63.219.136.226 - - [22/Feb/2002:09:29:19 -0500] "GET
> /scripts/..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0
> " 404 307
>
> This looks like someone trying to get access to an
> NT system command,
> and my guess is that they are up to no good.
> Is this a fair assumption? I would guess that this
> is fairly
> common and that these guys are scanning new machines
> all the time.
>
> Makes me want to be sure that I get a firewall up
> before I put
> a machine on the net.
> --
> Jim Freeze
> "Give some people an attoparsec and
> they'll take 16.093 Tera-angstroms"
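
An added example, not part of either message: a Python sketch that flags requests like the ones quoted above in a Common Log Format access log and groups them by client. The function names, the rejoined sample lines and the benign 192.0.2.10 entry are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample: the five quoted requests rejoined one per line, plus a benign one.
SAMPLE_LOG = """\
63.219.136.226 - - [22/Feb/2002:09:29:18 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 285
63.219.136.226 - - [22/Feb/2002:09:29:18 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 283
63.219.136.226 - - [22/Feb/2002:09:29:19 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293
63.219.136.226 - - [22/Feb/2002:09:29:19 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293
63.219.136.226 - - [22/Feb/2002:09:29:19 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 307
192.0.2.10 - - [22/Feb/2002:09:30:02 -0500] "GET /index.html HTTP/1.0" 200 1024
"""

# Common Log Format: host ident user [time] "METHOD URL PROTO" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')
SHELL_RE = re.compile(r"(^|/)(cmd|root)\.exe(\?|$)")

def deep_unquote(url, max_rounds=5):
    # %255c -> %5c -> backslash: decode until the string stops changing
    for _ in range(max_rounds):
        if (decoded := unquote(url)) == url:
            break
        url = decoded
    return url

def classify(url):
    decoded = deep_unquote(url)
    path = decoded.lower().replace("\\", "/")  # treat both separators alike
    reasons = []
    if SHELL_RE.search(path):  # request names cmd.exe or root.exe
        reasons.append("windows-shell")
    if "/../" in path or path.endswith("/.."):
        reasons.append("traversal")
    if decoded != unquote(url):  # more than one decoding round was needed
        reasons.append("double-encoding")
    return reasons

def scan(log_text):
    report = defaultdict(lambda: {"hits": 0, "reasons": set(), "statuses": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        reasons = classify(m.group(3)) if m else []
        if reasons:
            entry = report[m.group(1)]
            entry["hits"] += 1
            entry["reasons"].update(reasons)
            entry["statuses"].add(m.group(4))  # all 404 here: nothing was served
    return dict(report)
```

`scan(SAMPLE_LOG)` reports one client with five flagged requests, all answered with 404; any status other than 404 in that set would be the entry to look at first.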