From owner-freebsd-chat Mon Mar 25 10:30:36 2002 Delivered-To: freebsd-chat@freebsd.org Received: from smtp011.mail.yahoo.com (smtp011.mail.yahoo.com [216.136.173.31]) by hub.freebsd.org (Postfix) with SMTP id 948A037B42A for ; Mon, 25 Mar 2002 10:29:13 -0800 (PST) Received: from sgeine (AUTH login) at adsl-63-198-133-39.dsl.lsan03.pacbell.net (HELO edinburgh) (sgeine@63.198.133.39) by smtp.mail.vip.sc5.yahoo.com with SMTP; 25 Mar 2002 18:29:12 -0000 Reply-To: From: "Jesse Geddis" To: Cc: "Jarrod Sayers" , "FreeBSD-STABLE" Subject: RE: attempted exploits Date: Mon, 25 Mar 2002 10:29:12 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: <20020325192547.A70216@freebie.xs4all.nl> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org /sigh heaven forbid something light hearted slips through. I didn't mean to upset the MAIL LIST POLICE, wilko lol. seems sometimes some forget what /dev/null is for and instead of putting what they don't want to see there they instead go out of their way with this sort of thing. I hope you find other things to do with your time my friend =) -----Original Message----- From: Wilko Bulte [mailto:wkb@freebie.xs4all.nl] Sent: Monday, March 25, 2002 10:26 AM To: Jesse Geddis Cc: Jarrod Sayers; FreeBSD-STABLE Subject: Re: attempted exploits On Mon, Mar 25, 2002 at 10:24:08AM -0800, Jesse Geddis wrote: What in heavens name does this have to do with FreeBSD -stable????? Followups to -chat (or /dev/null) Wilko > wow, this is nuts. getting it from 5 hosts on the same B now lol. > seems to propagate quite well. I read through the CERT advisory. seems > like a well written worm with many points of access. certainly fills > my log files. I feel sorry for all the NT users who have to deal with > MS timetable for patches lol > > -----Original Message----- > From: owner-freebsd-stable@FreeBSD.ORG > [mailto:owner-freebsd-stable@FreeBSD.ORG]On Behalf Of Jarrod Sayers > Sent: Sunday, March 24, 2002 9:58 PM > To: 'sgeine@yahoo.com'; FreeBSD-STABLE > Subject: RE: attempted exploits > > > Welcome back Nimda! We have noticed a sharp rise in the number of > attacks > starting over the weekend here. > > Jarrod Sayers > Information Technology Services Unit > University of South Australia, Magill Campus. > Phone: +61 8 8302 4809 > http://people.unisa.edu.au/jarrod.sayers > > > > -----Original Message----- > > From: Jesse Geddis [mailto:sgeine@yahoo.com] > > Sent: Monday, 25 March 2002 4:23 PM > > To: FreeBSD-STABLE > > Subject: attempted exploits > > > > > > wow, this person is quite effective. they've been trying this since > > this morning 4mins after i got my web server up. been doing it every > > half hour for 7 hours lol. trying to execute arbitrary Windows code > on > > a FreeBSD server! > > > > [Sun Mar 24 20:41:55 2002] [error] [client 63.198.148.139] File does > > not exist: /archive/www/cia/scripts/..Á../winnt/system32/cmd.exe > > [Sun Mar 24 20:42:05 2002] [error] [client 63.198.148.139] File does > > not exist: /archive/www/cia/scripts/..À¯../winnt/system32/cmd.exe > > [Sun Mar 24 20:42:10 2002] [error] [client 63.198.148.139] File does > > not exist: /archive/www/cia/scripts/..Á../winnt/system32/cmd.exe > > [Sun Mar 24 20:42:29 2002] [error] [client 63.198.148.139] File does > > not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe > > [Sun Mar 24 21:13:11 2002] [error] [client 63.198.148.139] File does > > not exist: /archive/www/cia/scripts/root.exe > > [Sun Mar 24 21:13:12 2002] [error] [client 63.198.148.139] File does > > not exist: /archive/www/cia/MSADC/root.exe > > [Sun Mar 24 21:13:13 2002] [error] [client 63.198.148.139] File does > > not exist: /archive/www/cia/c/winnt/system32/cmd.exe > > [Sun Mar 24 21:13:14 2002] [error] [client 63.198.148.139] File does > > not exist: /archive/www/cia/d/winnt/system32/cmd.exe > > [Sun Mar 24 21:13:15 2002] [error] [client 63.198.148.139] File does > > not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe > > [Sun Mar 24 21:13:17 2002] [error] [client 63.198.148.139] File does > > not exist: > > > /archive/www/cia/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.e > > xe > > [Sun Mar 24 21:13:19 2002] [error] [client 63.198.148.139] File does > > not exist: > > > /archive/www/cia/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.e > > xe > > [Sun Mar 24 21:13:20 2002] [error] [client 63.198.148.139] File does > > not exist: > > > /archive/www/cia/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/s > > ystem32 > > /cmd.exe > > > > Jesse Geddis > > > > > > > > "My fellow Americans, I've signed legislation that will outlaw > Russia > > forever. We begin bombing in five minutes." > > --Ronald Reagan > > > > > > _________________________________________________________ > > Do You Yahoo!? > > Get your free @yahoo.com address at http://mail.yahoo.com > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-stable" in the body of the message > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message ---end of quoted text--- -- | / o / /_ _ wilko@FreeBSD.org |/|/ / / /( (_) Bulte Arnhem, the Netherlands _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message