Date: Sat, 7 Apr 2001 11:14:04 -0400 (EDT)
From: Jim Weeks <jim@siteplus.net>
To: Kal Torak <kaltorak@quake.com.au>
Cc: Walter Hop <walter@binity.com>, freebsd-isp@FreeBSD.ORG
Subject: Re: Look familiar?
Message-ID: <Pine.BSF.4.21.0104071053070.5476-100000@veager.siteplus.net>
In-Reply-To: <3ACF2531.49B7CC17@quake.com.au>
Thanks for the quick response. I am not familiar with ISS, so I wasn't
sure if this was a known attack ploy. I have had a few other file not
found errors that look suspicious as well as this sendmail error.

Apr 4 00:19:57 aurora sendmail[8764]: AAA08756: Truncated MIME Content-Disposition header due to field size (possible attack)

--
Jim Weeks

On Sun, 8 Apr 2001, Kal Torak wrote:

> Jim Weeks wrote:
> >
> > While checking one of my apache error logs this morning, I find a long
> > list of the following error.
> > I was wondering if it makes sense to anyone? I am especially curious
> > about characters "À¯".
> >
> > [Sat Apr 7 05:55:02 2001] [error] [client 207.31.75.150] File does not
> > exist:
> > /usr/local/www/data/scripts/..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯/winnt/system32/cmd.exe
> >
> > [Sat Apr 7 05:55:02 2001] [error] [client 207.31.75.150] File does not
> > exist:
> > /usr/local/www/data/scripts/..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯/winnt/system32/cmd.exe
> >
>
> Looks like some sort of buffer overflow attack, and they are then trying
> to spawn the cmd shell (if you can even call it a shell)...
>
> Since your unix system is not windows, even if the buffer overflow worked
> they sure wouldn't be able to run cmd.exe :P
> Obviously this is one of the great new holes in NT + ISS that are found
> every second day...
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
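An added example, not part of the original thread: a small log check for the "À¯" characters asked about above. It assumes the log is being viewed as Latin-1, in which case "À¯" is the byte pair 0xC0 0xAF, an overlong two-byte UTF-8 encoding of "/" that a strict UTF-8 decoder rejects. The sample lines, the placeholder client addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample lines modelled on the Apache error-log entries quoted
# above; client addresses are documentation-range placeholders.
SAMPLE_LOG = [
    "[Sat Apr 7 05:55:02 2001] [error] [client 192.0.2.10] File does not exist: "
    "/usr/local/www/data/scripts/..\u00c0\u00af..\u00c0\u00af/winnt/system32/cmd.exe",
    "[Sat Apr 7 06:01:10 2001] [error] [client 192.0.2.11] File does not exist: "
    "/usr/local/www/data/favicon.ico",
]

LINE_RE = re.compile(r"\[client (?P<client>[^\]]+)\] File does not exist: (?P<path>.+)$")


def decode_overlong(raw):
    """Collapse 2-byte sequences led by 0xC0/0xC1 into the ASCII byte they
    re-encode. Returns (normalised bytes, number of overlong sequences)."""
    out = bytearray()
    hits = 0
    i = 0
    while i < len(raw):
        lead = raw[i]
        if lead in (0xC0, 0xC1) and i + 1 < len(raw) and 0x80 <= raw[i + 1] <= 0xBF:
            # 110xxxxx 10yyyyyy -> xxxxxyyyyyy; for C0/C1 the result is < 0x80
            out.append(((lead & 0x1F) << 6) | (raw[i + 1] & 0x3F))
            hits += 1
            i += 2
        else:
            out.append(lead)
            i += 1
    return bytes(out), hits


def analyse(line):
    """Return a finding dict for a 'File does not exist' line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # Assumption: the viewer rendered raw bytes as Latin-1, so this round-trips.
    raw = m.group("path").encode("latin-1", errors="replace")
    normalised, overlong = decode_overlong(raw)
    path = normalised.decode("latin-1")
    return {"client": m.group("client"), "overlong_sequences": overlong,
            "normalised_path": path, "traversal": "../" in path}


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(analyse(entry))
```
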
