From owner-freebsd-stable Mon Mar 25 10:28:25 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by hub.freebsd.org (Postfix) with ESMTP id 977C237B405 for ; Mon, 25 Mar 2002 10:28:10 -0800 (PST)
Received: from simoeon.sentex.net (pyroxene.sentex.ca [199.212.134.18]) by smtp1.sentex.ca (8.11.6/8.11.6) with ESMTP id g2PIS6O09912; Mon, 25 Mar 2002 13:28:06 -0500 (EST) (envelope-from mike@sentex.net)
Message-Id: <5.1.0.14.0.20020325132039.0240a4b0@marble.sentex.ca>
X-Sender: mdtpop@marble.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Mon, 25 Mar 2002 13:22:22 -0500
To: sgeine@yahoo.com, freebsd-stable@FreeBSD.ORG
From: Mike Tancsa
Subject: RE: attempted exploits
In-Reply-To:
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

There are / were patches to NIMDA/Code Red etc for some time *before* the
first appearance of the worm...

        ---Mike

At 10:24 AM 3/25/02 -0800, Jesse Geddis wrote:
>my log files. I feel sorry for all the NT users who have to deal with
>MS timetable for patches lol
>
>-----Original Message-----
>From: owner-freebsd-stable@FreeBSD.ORG
>[mailto:owner-freebsd-stable@FreeBSD.ORG]On Behalf Of Jarrod Sayers
>Sent: Sunday, March 24, 2002 9:58 PM
>To: 'sgeine@yahoo.com'; FreeBSD-STABLE
>Subject: RE: attempted exploits
>
>
>Welcome back Nimda! We have noticed a sharp rise in the number of attacks
>starting over the weekend here.
>
>Jarrod Sayers
>Information Technology Services Unit
>University of South Australia, Magill Campus.
>Phone: +61 8 8302 4809
>http://people.unisa.edu.au/jarrod.sayers
>
>
> > -----Original Message-----
> > From: Jesse Geddis [mailto:sgeine@yahoo.com]
> > Sent: Monday, 25 March 2002 4:23 PM
> > To: FreeBSD-STABLE
> > Subject: attempted exploits
> >
> >
> > wow, this person is quite effective. they've been trying this since
> > this morning 4mins after i got my web server up. been doing it every
> > half hour for 7 hours lol. trying to execute arbitrary Windows code on
> > a FreeBSD server!
> >
> > [Sun Mar 24 20:41:55 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..=C1../winnt/system32/cmd.exe
> > [Sun Mar 24 20:42:05 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..=C0=AF../winnt/system32/cmd.exe
> > [Sun Mar 24 20:42:10 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..=C1../winnt/system32/cmd.exe
> > [Sun Mar 24 20:42:29 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:11 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/root.exe
> > [Sun Mar 24 21:13:12 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/MSADC/root.exe
> > [Sun Mar 24 21:13:13 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/c/winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:14 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/d/winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:15 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:17 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:19 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
> > [Sun Mar 24 21:13:20 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/msadc/..%5c../..%5c../..%5c/..=C1../..=C1../..=C1../winnt/system32/cmd.exe
> >
> > Jesse Geddis
> >
> >
> > "My fellow Americans, I've signed legislation that will outlaw Russia
> > forever. We begin bombing in five minutes."
> > --Ronald Reagan
> >
> >
> > _________________________________________________________
> > Do You Yahoo!?
> > Get your free @yahoo.com address at http://mail.yahoo.com
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-stable" in the body of the message
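
Added example, not part of the original thread: a small triage script that groups "File does not exist" entries of the kind quoted above by client and tags the Windows-only targets, so this sort of scan stands out from ordinary 404s. The rule names and patterns are assumptions derived from the paths in the quoted log.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache 1.3-style error_log entry, the format of the lines quoted in the thread.
ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[\d.]+)\] "
                   r"File does not exist: (?P<path>\S+)$")

# Heuristic tags chosen for this example from the paths in the thread;
# they are assumptions, not a complete signature set. "=C0"/"=C1" is how the
# archived mail renders the high bytes that followed ".." in the request.
RULES = {
    "windows-shell": re.compile(r"/(cmd|root)\.exe$", re.I),
    "encoded-traversal": re.compile(r"\.\.(%5c|=C[01])", re.I),
    "iis-directory": re.compile(r"/(scripts|msadc|_vti_bin|_mem_bin)/", re.I),
}

def classify(path):
    """Return the sorted rule names that match a requested path."""
    return sorted(name for name, rx in RULES.items() if rx.search(path))

def summarize(lines):
    """Group flagged requests per client: hit count, tags, time span in seconds."""
    seen = defaultdict(lambda: {"hits": 0, "tags": set(), "times": []})
    for line in lines:
        m = ENTRY.match(line.strip())
        tags = classify(m["path"]) if m else []
        if not tags:
            continue  # unparsable line or an ordinary 404
        rec = seen[m["ip"]]
        rec["hits"] += 1
        rec["tags"].update(tags)
        rec["times"].append(datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"))
    return {ip: {"hits": r["hits"], "tags": sorted(r["tags"]),
                 "span_seconds": int((max(r["times"]) - min(r["times"])).total_seconds())}
            for ip, r in seen.items()}

# First three lines are copied from the log in the thread; the last is a
# constructed ordinary 404 (192.0.2.10 is a documentation address).
SAMPLE = [
    "[Sun Mar 24 20:42:29 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/..%5c../winnt/system32/cmd.exe",
    "[Sun Mar 24 21:13:11 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/scripts/root.exe",
    "[Sun Mar 24 21:13:13 2002] [error] [client 63.198.148.139] File does not exist: /archive/www/cia/c/winnt/system32/cmd.exe",
    "[Sun Mar 24 21:15:00 2002] [error] [client 192.0.2.10] File does not exist: /archive/www/cia/favicon.ico",
]

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info)
```

On a non-Windows host every flagged request is noise rather than exposure, which makes the per-client summary useful mainly for counting infected sources and filtering them out of the error log.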